William Leibzon's presentation on SNMP Protocol and Nagios Plugins.
The presentation was given during the Nagios World Conference North America held Sept 20-Oct 2nd, 2013 in Saint Paul, MN. For more information on the conference (including photos and videos), visit: http://go.nagios.com/nwcna
Nagios Conference 2013 - William Leibzon - SNMP Protocol and Nagios Plugins
1. SNMP Protocol and Nagios Plugins
William Leibzon
william@leibzon.org
October 1, 2013 Saint Paul, MN
2. SNMP Overview
SNMP is “Simple Network Management Protocol”
(but it's anything but simple...)
● The protocol was designed by the IETF to provide a common means of monitoring and
configuring any type of network device.
● In SNMP, network systems run SNMP agents, software components that answer
requests from a Network Management System (NMS). A Nagios server using SNMP
is an NMS.
● An agent can also inform the NMS of events using TRAP messages.
3. SNMP Protocol
● SNMP can actually support more than just TCP/IP (also
AppleTalk and IPX), but TCP/IP is the only thing I'll talk about
● With TCP/IP it uses UDP as the transport layer. Port 161 is used
for most monitoring and configuration requests. Port 162 is
used for Traps.
● There are 3 versions – SNMP v1, SNMP v2 and SNMP v3
which differ in message format, features and authentication
● SNMP is a session-less protocol. Each request essentially stands by
itself and agents do not keep a record of requests. Both request
and response messages may get lost in the network. There is
no means to re-transmit or retry in the protocol, but SNMP v2
and v3 do provide a way to confirm receipt of Traps.
4. SNMP Objects
SNMP is a structured data query protocol
● Data is kept in variables (technically “scalar objects”) which can be one of several
protocol defined types.
● Variables are organized into Tables (“table objects”) with each variable being at a
certain numeric index of the table.
● Tables are organized into a hierarchical tree, with each table being a branch and an index
in its parent table, and so forth. This creates an address such as “1.3.6.1.6.3.1.1”
which is called “Object Access Identifier” or OID.
● MIB stands for “Management Information Base” and is a logical and administrative
grouping of OIDs, typically all OIDs included in and branched out of a certain table.
● With a MIB definition it is possible to assign a name to each index and each table
branch and through that give a human-readable name to an OID. For example:
1.3.6.1.6.3.1.1 =
iso.org.dod.internet.snmpV2.snmpModules.snmpMIB.snmpMIBObject
● IANA keeps track of the top hierarchy of OID assignments, which are delegated to
different organizations to manage on their own. Internet is technically under the DoD
tree, which IANA and IETF also manage. Organizations make MIBs from their trees
available as text files which can be imported into an NMS and used to create plugins.
5. SNMP Object Types
SNMP Objects (Variables) can have the following types:
Custom types: ENUM types can also be defined based on Integer32
7. SNMP Protocol Data Units
SNMP Protocol supports the following operations
(Protocol Data Units = PDUs):
● GetRequest – retrieve data from specified variable or a list of variables
● SetRequest – change value of a variable
● GetNextRequest – Returns a response with variable binding for the
lexicographically next variable in the MIB. The entire MIB of an agent can be
walked by iterative application of GetNextRequest starting at OID 0.
● GetBulkRequest – Added in SNMP v2. Optimized version of GetNextRequest
which returns a response with multiple variable bindings walked from the
variable binding in the request.
● Trap - asynchronous notification from agent to manager. Includes current
sysUpTime value, an OID identifying the type of trap and optional variable
bindings. The format of the trap message was changed in SNMPv2 and the
PDU was renamed SNMPv2-Trap.
● InformRequest – Acknowledgement of TRAP or other InformRequest.
● Response – this is what agent sends back as response to *Request PDUs
8. SNMP versions 1 and 2
There are 3 widely implemented versions of SNMP:
● SNMP v1 (the first version of the protocol)
– defined in 1988 in RFC1065, RFC1066, RFC1067
– Authentication mechanism is single password string called “Community” sent
clear-text across network
– Number of other issues with packet format and PDUs
● SNMP v2 (and why you know it as v2c)
– 1992 IETF effort to fix v2 - RFC1441, RFC1452
– Added GetBulkRequest and InformRequest PDUs and changed SNMP data
packet format. Added 64-bit Counter and BITS variable types.
– Proposal to add authentication (known as v2u) had no consensus as a result
most companies decided to implement non-official “SNMP v2c” which is SNMP
v2 but with “Community” password string as in v1
Both v1 and v2c are extremely insecure since the password is sent openly across the network. You
should never use these across the open Internet and preferably not within your local intranet either. v1
is also open to attacks with malformed packets, and walking the SNMP tree takes a long time.
9. SNMP version 3
● SNMP v3 (the current IETF standard)
– Defined in RFC 2271, RFC2272, RFC2273, RFC2274, RFC2275 as published by IETF
in January 1998
– Based on SNMP v2c but added user authentication for security and encryption for
message privacy
– For authentication uses Username and Password (authPass) which is hashed using
MD5 or SHA1
– For message encryption (privacy) can use DES or AES protocols with shared secret
key (privPass)
– Standard MIB for adding users and setting security context (USM table – RFC2574)
– Can define users with access to certain sections of the MIB tree (VACM table - RFC2575)
– Other improvements like maxMsgSize included in the request message so the agent knows
how large the response can be
– Also other extra complexity like matching EngineID, which can be learned with
requests but becomes an issue with traps (i.e. may not be able to send traps unless the trap
server contacted the monitoring device at least once)
For best security use SNMP v3 with SHA1 and AES and both passwords different
10. MIB-II
With SNMP v2 (in RFC1213) the IETF defined a standard MIB set for the TCP/IP
protocol. These tables are supported by the great majority of systems (unix &
windows servers, most network devices) and are known as MIB-2.
● System = 1.3.6.1.2.1.1 - Defines a list of objects that pertain to
system operation, such as the snmp system uptime, system
contact, and system name.
● Interfaces = 1.3.6.1.2.1.2 – Data on status of each
interface and octets sent and received, errors and
discards, etc. Updated as IF-MIB in RFC2863.
● IP = 1.3.6.1.2.1.4 - Keeps track of aspects of IP
such as IP routing. Updated as IP-MIB in RFC4293.
● ICMP = 1.3.6.1.2.1.5 - Tracks ICMP errors,
discards, etc.
● TCP = 1.3.6.1.2.1.6 – Tracks the state of the
TCP connections (closed, listen, synSent, etc.)
and other info. Updated as TCP-MIB in RFC4022.
● UDP = 1.3.6.1.2.1.7 - Tracks UDP statistics,
datagrams in and out. Updated as UDP-MIB in RFC4113.
● SNMP = 1.3.6.1.2.1.11 - Measures the performance of SNMP
implementation and tracks things such as the SNMP packets
sent and received. Updated as SNMPv2-MIB in RFC 3418.
12. Checking MIB-II with Nagios (part 2)
● ICMP: icmpInMsgs (1.3.6.1.2.1.5.1), icmpInErrors (1.3.6.1.2.1.5.2),
icmpInDestUnreachs (1.3.6.1.2.1.5.3), icmpInTimeExcds (1.3.6.1.2.1.5.4),
icmpInRedirects (1.3.6.1.2.1.5.7), icmpInEchos (1.3.6.1.2.1.5.8),
icmpInEchoReps (1.3.6.1.2.1.5.9), icmpInTimestamps (1.3.6.1.2.1.5.10),
icmpOutMsgs (1.3.6.1.2.1.5.14), icmpOutErrors (1.3.6.1.2.1.5.15),
icmpOutRedirects (1.3.6.1.2.1.5.20), icmpOutEchos (1.3.6.1.2.1.5.21), etc
● TCP: tcpRtoAlgorithm (1.3.6.1.2.1.6.1), tcpActiveOpens (1.3.6.1.2.1.6.5),
tcpPassiveOpens (1.3.6.1.2.1.6.6), tcpAttemptFails (1.3.6.1.2.1.6.7),
tcpEstabResets (1.3.6.1.2.1.6.8), tcpCurrEstab (1.3.6.1.2.1.6.9),
tcpInSegs (1.3.6.1.2.1.6.10), tcpOutSegs (1.3.6.1.2.1.6.11), etc.
Example of Use:
define command {
    command_name check_snmp_tcpstats
    command_line $USER1$/check_snmp -l "TCP (ActiveOpens PassiveOpens CurrEstab InErrs AttemptFails EstabResets RetransSegs)" -H $HOSTADDRESS$ -P 3 -L authPriv -a SHA -x AES -U $_HOSTSNMP_V3_USER$ -A $_HOSTSNMP_V3_AUTH$ -X $_HOSTSNMP_V3_PRIV$ -o 1.3.6.1.2.1.6.5.0,1.3.6.1.2.1.6.6.0,1.3.6.1.2.1.6.9.0,1.3.6.1.2.1.6.14.0,1.3.6.1.2.1.6.7.0,1.3.6.1.2.1.6.8.0,1.3.6.1.2.1.6.12.0
}
PNP4Nagios template for above at: https://github.com/willixix/WL-NagiosPlugins/blob/master/graphing_templates/pnp4nagios/check_snmp_tcpstats.php
Web References: http://www.alvestrand.no/objectid/1.3.6.1.2.1.html, or for one document see
http://jp.fujitsu.com/platform/server/primergy/products/note/other/NOS_MIB_v211.pdf
13. HOST-RESOURCES MIB
Another important standard MIB is HOST-RESOURCES-MIB defined in RFC2890 with a base
at .1.3.6.1.2.1.25. For info on it see http://net-snmp.sourceforge.net/docs/mibs/host.html
● It has the following scalar objects:
hrSystemUptime(1.3.6.1.2.1.25.1.1) – unlike sysUpTime which is time since SNMPd was
started, this is actual host system uptime
Plugins: check_uptime.pl (used when available in preference to sysUpTime)
hrSystemDate(1.3.6.1.2.1.25.1.2) – date on the remote host
hrSystemNumUsers(1.3.6.1.2.1.25.1.5) – number of logged-in users
hrSystemProcesses(1.3.6.1.2.1.25.1.6) – number of currently running processes
hrSystemMaxProcesses (1.3.6.1.2.1.25.1.7) – max number of processes on the server
hrMemorySize (1.3.6.1.2.1.25.2.2) – total RAM on the host in kilobytes
● And it has the following tables:
hrStorageTable (1.3.6.1.2.1.25.2.3) – info on storage devices (disks, partitions), including:
hrStorageDescr – description, hrStorageSize – size, hrStorageUsed – how much in use
Plugins: check_snmp_storage.pl (http://nagios.manubulon.com/snmp_storage.html )
hrProcessorTable (1.3.6.1.2.1.25.3.3) – info on processors (CPUs) on the system
hrProcessorLoad – avg over 1 min that cpu was not idle
Plugins: check_snmp_load.pl (http://nagios.manubulon.com/snmp_load.html)
hrPrinterTable(1.3.6.1.2.1.25.3.5) – you can use this to tell if printer is out of paper
Plugins: check_snmp_printer (search Nagios Exchange for “SNMP Printer Check”)
hrDiskStorageTable(1.3.6.1.2.1.25.3.7), hrPartitionTable(1.3.6.1.2.1.25.3.7), more...
14. Reading MIBs
MIBs are provided as text files that contain a bunch of entries like this:
sysUpTime OBJECT-TYPE
SYNTAX TimeTicks
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The time (in hundredths of a second) since the network management
portion of the system was last re-initialized."
::= { system 3 }
So what does it mean? Here is an explanation line by line:
sysUpTime OBJECT-TYPE => defines the object called sysUpTime.
SYNTAX TimeTicks => Object type is TimeTicks
ACCESS read-only => This can only be read via SNMP but can not
be changed i.e. set-request will not work.
STATUS mandatory => This must be implemented in a SNMP agent.
DESCRIPTION... => Text description of the object. Read this carefully.
::= { system 3 } => The “::=” entry tells how object fits in MIB tree. This
says that sysUpTime is at index 3 branched out off of “system” objects table.
15. Reading MIBs (part 2)
Another type of MIB entry also exists to define a new “enum” type, assigning special meaning to numerical
values and explaining what they are. Here is one defining Nagios exit codes:
ServiceStateID ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION "A number that corresponds to the current state of the
service: 0=OK, 1=WARNING, 2=CRITICAL, 3=UNKNOWN."
SYNTAX INTEGER {
ok(0),
warning(1),
critical(2),
unknown(3)
}
This is coming from Nagios MIB which you can find at:
https://github.com/nagios-plugins/nagios-mib/blob/master/MIB/NAGIOS-ROOT-MIB
Here is how they are used in NAGIOS-NOTIFY-MIB:
NAGIOS-NOTIFY-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Integer32, Gauge32
FROM SNMPv2-SMI
nagios,NotifyType,HostStateID,HostStateType,ServiceStateID
FROM NAGIOS-ROOT-MIB;
….
SvcEventEntry ::= SEQUENCE {
nSvcEventIndex Integer32,
nSvcDesc OCTET STRING,
nSvcStateID ServiceStateID,
16. Net-SNMP
Net-SNMP (homepage: http://www.net-snmp.org/) is an open-source SNMP package
often included in linux and unix distributions. If it is not included, install it with “apt-get install
snmp” for Debian-based or “yum install snmp” for RedHat/Suse.
The project was previously known as UCD-SNMP. It includes:
● Command-Line Utilities:
- snmpget, snmpgetnext – these are used for single OID checks
- snmpbulkget, snmpwalk, snmptable - can walk the tree and retrieve multiple OIDs
- snmpset - manipulate configuration information on an SNMP-capable device
- snmpnetstat, snmpdf, snmpstatus - retrieve a fixed collection of information
- snmptranslate – can translate named OID to numerical
● Graphical MIB browser:
tkmib – graphical X-Window application written with TK for browsing MIB
● Daemon for receiving SNMP traps and notifications:
snmptrapd – one way to use it is to send SNMP traps to syslog and from there
check them with Nagios
● SNMP agent server daemon:
snmpd – snmp daemon that provides MIB-II info and more for various Unix systems
17. SNMP Security Levels
It is useful to give examples with Net-SNMP while also explaining SNMP security levels. These are:
– v1 or v2 Community – clear-text community as the only means of authentication
– v3 noAuthnoPriv - communication without authentication and privacy (still requires known user)
– v3 authNoPriv - communication with authentication and without privacy
– v3 authPriv - communication with both authentication and privacy
● This is SNMP v2 request with community as the only means of authentication
$ snmpgetnext -v 2c -c public test.net-snmp.org sysUpTime
system.sysUpTime.0 = Timeticks: (83467101) 9 days, 15:51:11.01
● This is SNMP v3 “public” access which is no authentication, no encryption. Only requires valid user:
$ snmpgetnext -v 3 -n "" -u noAuthUser -l noAuthNoPriv test.net-snmp.org sysUpTime
system.sysUpTime.0 = Timeticks: (83467131) 9 days, 15:51:11.31
● This is SNMP v3 authenticated request but no encryption:
$ snmpgetnext -v 3 -n "" -u MD5User -a MD5 -A "The Net-SNMP Demo Password" -l authNoPriv \
    test.net-snmp.org sysUpTime
system.sysUpTime.0 = Timeticks: (83491735) 9 days, 15:55:17.35
● And this is both authenticated and encrypted request:
$ snmpgetnext -v 3 -n "" -u MD5DESUser -a MD5 -A "The Net-SNMP Demo Password" -x DES \
    -X "The Net-SNMP Demo Password" -l authPriv test.net-snmp.org system
system.sysUpTime.0 = Timeticks: (83493111) 9 days, 15:55:31.11
18. SNMP and bulk requests
$ snmpbulkget -v2c -B 1 3 linux.ora.com public sysDescr ifInOctets ifOutOctets
system.sysDescr.0 = "Linux linux 2.2.5-15 #3 Thu May 27 19:33:18 EDT 1999 i686"
interfaces.ifTable.ifEntry.ifInOctets.1 = 70840
interfaces.ifTable.ifEntry.ifOutOctets.1 = 70840
interfaces.ifTable.ifEntry.ifInOctets.2 = 143548020
interfaces.ifTable.ifEntry.ifOutOctets.2 = 111725152
interfaces.ifTable.ifEntry.ifInOctets.3 = 0
interfaces.ifTable.ifEntry.ifOutOctets.3 = 0
$ snmpwalk cisco.ora.com public system
system.sysDescr.0 = "Cisco Internetwork Operating
System Software..IOS (tm) 2500 Software (C2500-I-L),
Version 11.(5), RELEASE SOFTWARE (fc1).Copyright
(c) 1986-1997 by cisco Systems, Inc.
Compiled Mon 31-Mar-97 19:53 by ckralik"
system.sysObjectID.0 = OID: enterprises.9.1.19
system.sysUpTime.0 = Timeticks: (27210723) 3 days, 3:35:07.23
system.sysContact.0 = ""
system.sysName.0 = "cisco.ora.com"
system.sysLocation.0 = ""
system.sysServices.0 = 6
Note: if you're writing shell plugin that uses Net-SNMP
you should use snmpbulkget and NOT snmpwalk
Images courtesy of http://oreilly.com/catalog/esnmp/chapter/ch02.html
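The order of the snmpbulkget output above follows from the two GetBulkRequest parameters passed as `-B 1 3`: one non-repeater (sysDescr) and three repetitions over the remaining columns. The following added example, which is not from the presentation, simulates an agent in memory with the values printed above and counts requests for a bulk get versus a GetNext walk; `ToyAgent`, `walk` and the request counter are hypothetical names, and a real agent would additionally cap the response at the maximum message size.

```python
from bisect import bisect_right

IF_IN = "1.3.6.1.2.1.2.2.1.10"    # ifInOctets column
IF_OUT = "1.3.6.1.2.1.2.2.1.16"   # ifOutOctets column
SYS_DESCR = "1.3.6.1.2.1.1.1"     # sysDescr

# Values copied from the snmpbulkget output on the slide.
MIB = {
    SYS_DESCR + ".0": "Linux linux 2.2.5-15 #3 Thu May 27 19:33:18 EDT 1999 i686",
    IF_IN + ".1": 70840, IF_OUT + ".1": 70840,
    IF_IN + ".2": 143548020, IF_OUT + ".2": 111725152,
    IF_IN + ".3": 0, IF_OUT + ".3": 0,
}


def oid_key(oid):
    """Turn '1.3.6.1' into (1, 3, 6, 1) so OIDs compare arc by arc, numerically."""
    return tuple(int(arc) for arc in oid.strip(".").split("."))


def oid_str(key):
    return ".".join(str(arc) for arc in key)


class ToyAgent:
    """In-memory stand-in for an SNMP agent; counts the requests it answers."""

    def __init__(self, variables):
        rows = sorted(((oid_key(o), v) for o, v in variables.items()),
                      key=lambda row: row[0])
        self._rows = rows
        self._keys = [key for key, _ in rows]
        self.requests = 0

    def _next(self, oid):
        # Lexicographically next variable after oid, or None at the end of the MIB.
        i = bisect_right(self._keys, oid_key(oid))
        if i == len(self._rows):
            return None
        key, value = self._rows[i]
        return oid_str(key), value

    def get_next(self, oid):
        self.requests += 1
        return self._next(oid)

    def get_bulk(self, non_repeaters, max_repetitions, oids):
        """One request: a single GetNext for the first non_repeaters OIDs,
        then max_repetitions rounds of GetNext over the remaining OIDs."""
        self.requests += 1
        out = [self._next(oid) for oid in oids[:non_repeaters]]
        cursors = list(oids[non_repeaters:])
        for _ in range(max_repetitions):
            for j, oid in enumerate(cursors):
                binding = self._next(oid) if oid is not None else None
                out.append(binding)
                cursors[j] = binding[0] if binding else None
        return out


def walk(agent, base):
    """snmpwalk-style traversal: one GetNext per row plus one to detect the end."""
    rows, oid, prefix = [], base, oid_key(base)
    while True:
        binding = agent.get_next(oid)
        if binding is None or oid_key(binding[0])[:len(prefix)] != prefix:
            return rows
        rows.append(binding)
        oid = binding[0]


if __name__ == "__main__":
    agent = ToyAgent(MIB)
    for oid, value in agent.get_bulk(1, 3, [SYS_DESCR, IF_IN, IF_OUT]):
        print(oid, "=", value)
    print("bulk requests:", agent.requests)
    walker = ToyAgent(MIB)
    walk(walker, IF_IN)
    walk(walker, IF_OUT)
    print("walk requests for the same two columns:", walker.requests)
```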
19. SNMP Tables
It is common for SNMP data for a list of components on a system to be
located in tables. Instead of defining each OID, the MIB defines what data
belongs in each table. One of the tables would have names or another
identifying id of the component and serve as a map. Examples of these are:
network interfaces, temperature sensors, arp entries, list of ip routes, etc.
$ snmptable -v 2c -c public localhost at.atTable
SNMP table: at.atTable RFC1213-MIB::atTable
atIfIndex atPhysAddress atNetAddress
1 8:0:20:20:0:ab 130.225.243.33
$ snmptable localhost -Cl -CB -Ci -OX -Cb -Cc 16 -Cw 64 ifTable
SNMP table: ifTable
Index Descr Type Mtu Speed PhysAddress AdminStatus OperStatus
LastChange InOctets InUcastPkts InNUcastPkt InDiscards InErrors InUnknownProtos OutOctets
OutUcastPkts OutNUcastPkts OutDiscards OutErrors OutQLen Specific
index: [1]
1 lo software 16436 10000000 up up
? 2837283786 3052466 ? 0 0 ? 2837283786
3052466 ? 0 0 0 zeroDotZero
Index: [2]
2 eth0 ethernet 1500 10000000 0:5:5d:d1:f7:cf up up
? 2052604234 44252973 ? 0 0 ? 149778187
65897282 ? 0 0 0 zeroDotZero
20. Setting up SNMPd
A common question is:
What do I need to get basic SNMPd working on my Linux/Unix system?
- You need snmpd from the Net-SNMP package. If not installing it from source you probably
want to look for the “snmpd” apt or yum package. You will also need the “snmp” package.
- You need to add a user for SNMP v3 access (or set up a context for v2). This is where you
will need the “snmp” package.
- You may need to edit /etc/snmp/snmpd.conf and make sure the server is open on your
main network interface, as by default it's only open on 127.0.0.1
Here are instructions for Ubuntu systems (remember to use different passwords!):
$ apt-get install snmp -y
# below adds read-only SNMP user “snmpuser” with authPriv security level, SHA1
# auth and AES priv protocols, authpass “@uthPass” and privpass “pr1vP@ss”
# (-A and -X take the passphrases, -a and -x the protocols)
$ net-snmp-config --create-snmpv3-user -ro -A '@uthPass' -X 'pr1vP@ss' -a SHA -x AES snmpuser
$ apt-get install snmpd -y
$ vi /etc/snmp/snmpd.conf # and comment out 'agentAddress udp:127.0.0.1:161'
# then uncomment 'agentAddress udp:161,udp6:[::1]:161'
$ vi /etc/default/snmpd # if present, remove 127.0.0.1 from the end of SNMPDOPTS
$ /etc/init.d/snmpd restart
21. Net::SNMP
Net::SNMP is a Perl library which almost all Nagios SNMP
plugins written in Perl use. It's located at:
http://search.cpan.org/~dtown/Net-SNMP-v6.0.1/lib/Net/SNMP.pm
You can install it with 'cpan Net::SNMP' or search your apt or yum repository
for the proper package.
This is an object-oriented Perl library. It has one constructor returning a session
object:
Net::SNMP->session(...) - create SNMP v1/v2/v3 session
And a number of methods available for use with the $session object:
get_request(-varbindlist => \@oid_list) - retrieve a list of OIDs
get_table(-baseoid => $oid) - retrieve SNMP Table entries,
this will do either a series of get_next_request with snmp v1 or
get_bulk_request with snmp v2 and snmp v3
timeout($seconds) – sets or gets timeout
max_msg_size($msgsize) - sets or gets msgsize
retries($retries) – sets or gets retries, default is 1 i.e. no retry
error() - returns error from the last operation
debug() - enables and disables debugging mode
23. Net::SNMP - Get_request and Get_table
● Get_Request
- called as $session->get_request(-varbindlist => \@oid_list)
- returns a reference to a hash with keys being the OIDs in the array and values being the data
from SNMP, which can be numeric or string
- If the request fails, returns undef, with the error in $session->error
- Example of get_request() based on code in check_uptime.pl (WL-NagiosPlugins):
$oid_sysSystem = '1.3.6.1.2.1.1.1.0';
$result = $session->get_request(-varbindlist => [$oid_sysSystem]);
if (!defined($result)) {
    printf("ERROR: Problem retrieving $oid_sysSystem : %s", $session->error);
    $session->close(); exit $ERRORS{"UNKNOWN"};
}
verb("Result OID $oid_sysSystem: $result->{$oid_sysSystem}");
● Get_Table
- called as $session->get_table(-baseoid => $table_oid)
- returns a reference to a hash with keys being OIDs in the table and values being SNMP data
- Example of get_table() based on code in check_snmp_temperature.pl (WL-NagiosPlugins):
verb("Retrieving SNMP table $oid_names to find sensor attribute names");
$result = $session->get_table( -baseoid => $oid_names );
if (!defined($result)) {
    printf("ERROR: Problem retrieving table %s : %s\n", $oid_names, $session->error);
    $session->close(); exit $ERRORS{"UNKNOWN"};
}
# walk the returned OIDs in lexicographic (tree) order
foreach $oid (Net::SNMP::oid_lex_sort(keys %{$result})) {
    $line=$result->{$oid};
    verb("got $oid : $line");
    # ….
}
24. Optimizing SNMP code in plugins (slide 1)
1. Use numeric OIDs instead of OID names:
The first thing you can optimize is to replace named OIDs with numeric OIDs. This helps
because a named OID requires translation by the SNMP library, which would read all MIB
files in the system, index them and look up the correct name.
2. Retrieving OIDs together rather than individually:
Many plugins retrieve a number of OIDs with individual get_request calls. You then end up doing a separate
SNMP request for each one. If you know all the OIDs, retrieve them together.
However, be warned that sometimes doing get_bulk_request would be faster than get_request
on an extremely long list of OIDs that are all in the same table. I think this is due to agent bugs.
3. Optimize maxMsgSize
SNMP uses UDP and you want the data to fit in one packet whenever possible. This can be achieved
by setting maxMsgSize to the size of a packet in your network minus the UDP header. 1472 is normally a good
number, but with gigabit ethernet and jumbo frames enabled you can set it to 8000 or more.
But don't set maxMsgSize so large that the UDP packet gets fragmented. This can happen if
traffic goes through a VPN. In that case decrease maxMsgSize to accommodate encapsulation.
In general it's a good idea to offer maxMsgSize as a plugin parameter for the user. Perl code for
setting msgSize:
$oct_max=$session->max_msg_size(); verb(" current maxMsgSize: $oct_max");
if (defined($o_octetlength)) { $oct_resultat = $session->max_msg_size($o_octetlength); }
25. Optimizing SNMP code in plugins (slide 2)
4. Do not retrieve full SNMP tables:
A common case is that the plugin is called with a specific name to be retrieved
(network interface name, sensor name). This can be done as:
- Plugin retrieves the full names table and data using get_table() every time and
selects the correct id once everything is ready
- Each time the plugin first does a lookup in the names table (get_table) and then
retrieves data OIDs (get_request)
With SNMP it's faster to retrieve specific OIDs with get_request than to use
get_table. So the second case above is better than the first (2 full tables)
But you can even optimize out the lookup in the names table entirely by saving info
from the first time the plugin was called, since this isn't going to change. However be
warned that this is not trivial and the code gets much more complex; best to do
this if dealing with multiple tables.
What I did in check_netint.pl (snippets from it on the next slide) is to save the info as
PERF data and on subsequent calls get PERF data as a parameter and
process the special “cached” perf variables
26. Optimizing SNMP code in plugins (slide 3)
# Load previous performance data
sub process_perf {
    my %pdh; my ($nm,$dt); use Text::ParseWords;
    # split the perf string on whitespace, keeping quoted labels together
    foreach (quotewords('\s+',1,$_[0])) {
        if (/(.*)=(.*)/) {
            ($nm,$dt)=($1,$2); verb("prev_perf: $nm = $dt");
            $pdh{$nm}=$dt; $pdh{$nm}=$1 if $dt =~ /(\d+)c/; # 'c' is added as designation for octet
        }
    }
    return %pdh;
}
# These are snippets of code from check_netint that have to do with caching of interface name and port speed
my $descr_table = '1.3.6.1.2.1.2.2.1.2';
%prev_perf_data=process_perf($o_prevperf);
@tindex = split(',', prev_perf('cache_descr_ids')) if defined(prev_perf('cache_descr_ids'));
@portspeed = split(',', prev_perf('cache_int_speed')) if defined(prev_perf('cache_int_speed'));
for (my $i=0;$i<scalar(@tindex);$i++) {
    $interfaces[$i]={'descr' => $descr[$i]};
    $interfaces[$i]{'speed'} = $portspeed[$i] if defined(prev_perf('cache_int_speed'));
}
if (scalar(@tindex)>0) {
    verb("Using cached data:"); verb(" tindex=".join(',',@tindex));
    # …
}
if (scalar(@tindex)==0) {
    # no cached ids: fall back to reading the interface description table
    # snmp_get_table() basically does “return $session->get_table(-baseoid => $descr_table)”
    $result1 = snmp_get_table($session, $descr_table, "Interfaces Description Table");
    foreach my $key (keys %$result1) {
        $data1 = clean_int_name($result1->{$key});
        verb(" OID: $key Clean Desc: '$data1' Raw Desc: ".$result1->{$key});
        if (int_name_match($data1) && $key =~ /$descr_table\.(.*)/) {
            $interfaces[$num_int] = { 'descr' => $data1, };
        }
    }
}
27. Nagios and SNMP Traps
● Nagios is a monitoring application primarily designed for actively checking
and monitoring systems. But Traps are initiated from monitored systems.
● Dealing with them in Nagios requires defining a passively checked service and a script that can
process the trap message and set this service on the proper host to CRITICAL. User action would
be required to clear CRITICAL back to OK status on this passive service
For setup help read http://xavier.dusart.free.fr/nagios/en/snmptraps.html and
http://askaralikhan.blogspot.com/2010/12/receiving-snmp-traps-in-nagios.html and
http://www.net-snmp.org/wiki/index.php/TUT:Configuring_snmptrapd_to_parse_MIBS_from_3rd_party_Vendors
● Several nagios addons are available (some required) to help with setting it all up:
– SNMP Trap Translator (required):
http://www.sourceforge.net/projects/snmptt
– NSTI (Nagios SNMP Trap Interface) – Web Interface for SNMPtt config
http://exchange.nagios.org/directory/Addons/SNMP/Nagios-SNMP-Trap-Interface-(NSTI)/details
– Nagios XI Trap Wizard:
http://exchange.nagios.org/directory/Addons/Configuration/Configuration-Wizards/SNMP-Trap-Nagios-XI-Wizard/details
● Another alternative (which I do myself) is to set up snmptrapd from Net-SNMP to log traps as
syslog messages (see snmptrapd manual). Then use check_logfile to check on these.
See: http://mathias-kettner.de/checkmk_mkeventd_traps.html
28. Remote Execution with SNMP
● It is possible to use SNMP (or more specifically snmpd from Net-SNMP) to execute
remote programs. See:
http://www.net-snmp.org/wiki/index.php/Tut:Extending_snmpd_using_shell_scripts
– There are two extensions: exec (no formal MIB) in older ucd-snmpd and extend
(defined in NET-SNMP-EXTEND-MIB) in newer snmpd versions.
– This can be used to replace NRPE and works very well for small scripts and
plugins that execute fast and are unlikely to fail.
– However this is known to cause SNMPd to block and even to die entirely if the script
does not execute fast
● Using with Nagios Plugins
There are several plugins available for this that allow getting data into Nagios from
a remotely executed plugin. I will use examples with my own check_by_snmp.pl
– check_by_snmp.pl (WL-NagiosPlugins)
this is the only plugin that allows both remote execution and cleanly saving
remote data into files or passing it as STDIN to other nagios plugins
– check_snmp_exec.sh / check_snmp_extend.sh
(http://www.logix.cz/michal/devel/nagios/)
– check_snmp_extend.py (https://github.com/nickanderson/check_snmp_extend)
29. Remote Execution with SNMP - Examples
● DRBD plugin remote execution with snmp. DRBD plugin from
http://exchange.nagios.org/directory/Plugins/Operating-Systems/Linux/check_drbd/details
- Remote execution of check_drbd directly on a target host system with snmp exec. Add this to /etc/snmp/snmpd.conf:
exec .1.3.6.1.4.1.2021.202 check_drbd /usr/lib/nagios/plugins/check_drbd-0.5 2 -D All
- Command definition in nagios:
define command {
    command_name check_drbd
    command_line $USER1$/check_by_snmp -S -O 1.3.6.1.4.1.2021.202 -H $HOSTADDRESS$ -L sha,aes -l $_HOSTSNMP_V3_USER$ -x $_HOSTSNMP_V3_AUTH$ -X $_HOSTSNMP_V3_PRIV$
}
● DRBD plugin executed on Nagios system using remote data from /proc/drbd retrieved by snmp
- Here check_drbd is actually executed in Nagios, but it uses data from /proc/drbd on the remote system. On remote host setup:
echo 'exec .1.3.6.1.4.1.2021.202 procdrbd /bin/cat /proc/drbd' >> /etc/snmp/snmpd.conf
- Command definition in nagios:
define command {
    command_name check_drbd
    command_line $USER1$/check_by_snmp -S -O 1.3.6.1.4.1.2021.202 -H $HOSTADDRESS$ -L sha,aes -l $_HOSTSNMP_V3_USER$ -x $_HOSTSNMP_V3_AUTH$ -X $_HOSTSNMP_V3_PRIV$ --exec $USER1$/check_drbd-0.5.2 -p - -d All
}
● check_linux_procstat.pl plugin executed on Nagios getting remote data from /proc/stat. Plugin from
http://exchange.nagios.org/directory/Plugins/Operating-Systems/Linux/Check-Linux-CPU,-Process-Scheduler-and-I-2FO-Stats--(check_linux_procstat-2Epl)/details (or get it from https://william.leibzon.org/nagios/)
- Can be used to get a very full CPU utilization graph (download pnp plugin). Add the following to /etc/snmp/snmpd.conf:
extend cpustat /bin/cat /proc/stat
- Command definition in nagios:
define command {
    command_name check_snmp_linuxcpustat
    command_line $USER1$/check_by_snmp.pl -T -E cpustat -H $HOSTADDRESS$ -L sha,aes -l $_HOSTSNMP_V3_USER$ -x $_HOSTSNMP_V3_AUTH$ -X $_HOSTSNMP_V3_PRIV$ --exec $USER1$/check_linux_procstat.pl -P %FILE1% -f -w $ARG1$ -c $ARG2$
}
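A configuration review that ties together the security levels from slide 17, the snmpd setup from slide 20 and the exec/extend directives above, as an added example that is not part of the presentation: it flags snmpd.conf lines that fall short of authPriv with SHA and AES and lists every directive that makes snmpd run a program. The sample file is constructed, and the severity labels and function names are this example's own choices.

```python
import shlex

# Constructed snmpd.conf for this example. The exec/extend lines and the
# snmpuser passphrases are the ones shown on the slides; "olduser" is made up.
SAMPLE_CONF = """\
# constructed sample
agentAddress udp:161,udp6:[::1]:161
rocommunity public default
createUser snmpuser SHA "@uthPass" AES "pr1vP@ss"
createUser olduser MD5 "samepass" DES
rouser snmpuser priv
rouser olduser auth
exec .1.3.6.1.4.1.2021.202 procdrbd /bin/cat /proc/drbd
extend cpustat /bin/cat /proc/stat
"""

COMMUNITY = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6",
             "com2sec", "com2sec6"}
V3_ACCESS = {"rouser", "rwuser"}
RUNS_PROGRAMS = {"exec", "extend", "sh", "pass", "pass_persist"}


def is_loopback(listener):
    """True if one agentAddress entry binds only to a loopback address."""
    spec = listener.lower()
    for prefix in ("udp6:", "tcp6:", "udp:", "tcp:"):
        if spec.startswith(prefix):
            spec = spec[len(prefix):]
            break
    return spec.startswith(("127.", "localhost", "[::1]"))


def check_create_user(args):
    """Weaknesses of one createUser line measured against SHA + AES with
    two different passphrases (the recommendation on slide 9)."""
    if args[:1] == ["-e"]:                  # optional "-e ENGINEID" prefix
        args = args[2:]
    auth = args[1].upper() if len(args) > 1 else None
    priv = args[3].upper() if len(args) > 3 else None
    issues = []
    if auth is None:
        issues.append("no authentication protocol")
    elif auth == "MD5":
        issues.append("MD5 authentication instead of SHA")
    if priv is None:
        issues.append("no privacy protocol, traffic is not encrypted")
    else:
        if priv == "DES":
            issues.append("DES privacy instead of AES")
        # snmpd reuses the auth passphrase when no privacy passphrase is given
        if len(args) < 5 or args[4] == args[2]:
            issues.append("privacy passphrase equals the auth passphrase")
    return issues


def audit_snmpd_conf(text):
    """Return a list of (line_number, severity, message) findings."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            tokens = shlex.split(line)
        except ValueError:
            findings.append((n, "WARN", "line could not be tokenized"))
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        if directive in COMMUNITY:
            findings.append((n, "HIGH", directive + ": v1/v2c community access, "
                             "the community crosses the network in clear text"))
        elif directive == "agentaddress":
            exposed = [a for a in ",".join(args).split(",")
                       if a and not is_loopback(a)]
            if exposed:
                findings.append((n, "INFO", "agent listens beyond loopback: "
                                 + ", ".join(exposed)))
        elif directive == "createuser":
            issues = check_create_user(args)
            if issues:
                findings.append((n, "MEDIUM", "createUser: " + "; ".join(issues)))
        elif directive in V3_ACCESS:
            if args[:1] == ["-s"]:          # optional "-s SECMODEL" prefix
                args = args[2:]
            user = args[0] if args else "?"
            level = args[1].lower() if len(args) > 1 else "auth"  # snmpd default
            if level != "priv":
                findings.append((n, "MEDIUM", "%s %s accepts level '%s', below "
                                 "authPriv" % (directive, user, level)))
        elif directive in RUNS_PROGRAMS:
            findings.append((n, "REVIEW", "%s runs a program on request: %s"
                             % (directive, " ".join(args))))
    return findings


if __name__ == "__main__":
    for line_no, severity, message in audit_snmpd_conf(SAMPLE_CONF):
        print("line %d [%s] %s" % (line_no, severity, message))
```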
30. Where to read more
● Net-SNMP Tutorials and Documentation
http://www.net-snmp.org/wiki/index.php/Tutorials,
http://www.net-snmp.org/docs/man/
● O'Reilly (publicly available book chapters):
http://oreilly.com/catalog/esnmp/chapter/ch02.html,
http://oreilly.com/perl/excerpts/system-admin-with-perl/twenty-minute-snmp-tutorial.html
● Net::SNMP Documentation on CPAN
http://search.cpan.org/~dtown/Net-SNMP-v6.0.1/lib/Net/SNMP.pm
● Nagios SNMP Plugins
http://exchange.nagios.org/directory/Plugins/Network-Protocols/SNMP,
https://github.com/willixix/WL-NagiosPlugins,
http://nagios.manubulon.com/
● MIBs:
http://net-snmp.sourceforge.net/docs/mibs/
http://www.oidview.com/mibs/detail.html , http://www.mibdepot.com/ ,
http://tools.cisco.com/Support/SNMP/do/BrowseOID.do
31. Questions ?
Questions? Feedback?
William Leibzon <william@leibzon.org>
My Plugins on GitHub:
https://github.com/willixix/WL-NagiosPlugins
My Nagios Page: http://william.leibzon.org/nagios/