Castle Rock SNMPc Course Notes

SNMPc Enterprise Training Course

Teneo Ltd [email protected] [email protected]

Castle Rock Computing

SNMPc Enterprise Edition Version 8

Training Course

Trainer: Mike Hounsome Date: 6th December 2011



THIS PAGE IS INTENTIONALLY BLANK



INDEX

ARCHITECTURE OVERVIEW......................................................................... 5

SNMPC PRODUCT OPTIONS......................................................................... 6

SNMPC ENTERPRISE EDITION ......................................................................... 6 SNMPC REMOTE ACCESS EXTENSION ............................................................. 6 SNMPC WORKGROUP EDITION ........................................................................ 6

SYSTEM REQUIREMENTS............................................................................. 7

DEVICE ACCESS MODES .............................................................................. 7

NONE (TCP ONLY) .......................................................................................... 7 ICMP (PING)................................................................................................... 7 SNMP V1 AND V2C......................................................................................... 7 SNMP V3....................................................................................................... 8

SECTION 2 : AUTO DISCOVERY ................................................................... 9

FILTERING DISCOVERED DEVICES................................................................... 11 MONITORING APPLICATION PORTS.................................................................. 12

SECTION 3 : MAP.......................................................................................... 13

ACCESS AND ATTRIBUTES .............................................................................. 15 CHANGING THE DOUBLE-CLICK ACTION?.......................................................... 16 CONNECT TO A VNC SERVER WHEN YOU DOUBLE CLICK. ................................ 17 CONNECT MY WEB BROWSER TO A CERTAIN PORT NUMBER WHEN I DOUBLE CLICK...................................................................................................................... 17 APPLICATION MONITORING............................................................................. 17 LINK MONITORING.......................................................................................... 22 RESTRICTING USER RIGHTS AND VIEWS.......................................................... 24

SECTION 3 : MIBS......................................................................................... 26

COMPILING A NEW MIB FILE IN SNMPC .......................................................... 26

SECTION 4 : EVENT ACTIONS .................................................................... 27

UNDERSTANDING EVENT ACTIONS.................................................................. 27 USING OTHER EVENT TYPES.......................................................................... 30 MATCHING AGAINST MIB VARIABLES ............................................................... 31 HOW TO CREATE EVENT FILTERS DIRECTLY FROM THE EVENT VIEWER ............. 32 SENDING AN EMAIL ALERT............................................................................... 36 SENDING ALERTS TO A PAGER........................................................................ 37

SECTION 5 : CUSTOM MIBS/MENU’S......................................................... 40

CREATE CUSTOM MIB TABLES ........................................................................ 40 CREATE CUSTOMIZED CALCULATIONS AGAINST VARIABLES ............................... 40 CREATE CUSTOMIZED MENU ITEMS.................................................................. 41

SECTION 6 – TREND REPORTS.................................................................. 43

BASIC TREND REPORT SETUP.. ...................................................................... 43 ADVANCED TREND REPORT OPTIONS ............................................................. 47



SETTING MANUAL THRESHOLD ALARMS .......................................................... 49

USEFUL TOOLS ............................................................................................ 52

MIB BROWSER .............................................................................................. 52 SOME VALID MIB VARIABLES WITH INSTANCE.................................................. 53 TRAPSEND .................................................................................................... 54

V7 HOW TO UPGRADE................................................................................. 56

BACKUP / RESTORE PROCEDURE ................................................................... 56 UPGRADE PROCEDURE................................................................................... 57 MANAGING TASKS.......................................................................................... 57

SUPPORT....................................................................................................... 58

ADD-ON PRODUCTS .................................................................................... 60

NOTIFICATION WORKS ................................................................................... 60



Architecture Overview

SNMPc is a general-purpose Distributed Network Manager offering the following benefits over a standalone product:

By using Polling and Server components that run on multiple

computers, SNMPc can be scaled to manage very large networks. By using multiple Remote Consoles, SNMPc encourages sharing of

management information by many people. SNMPc is cost-effective because a collection of components costs less

than an equivalent number of standalone managers.

SNMPc uses the popular SNMP management protocol to poll and configure devices, workstations and servers over IP networks. Along with all the features expected in any SNMP management station, SNMPc also includes the following advanced features:

Secure SNMP Version 3 support Scaleable to 25,000 managed devices. Supports a manager-of-managers architecture Redundant Backup Server support Remote Consoles and JAVA Web access. Server and Polling Agents can run as Windows Services. Event forwarding and email/pager notifications. Audit events for user actions (login/editing) Application Service (TCP) polling Scheduled WEB and Printed Trend Reports Custom MIB Tables with Derived MIB Expressions. RMON-I user interface application. GUI Device Support development tools. Application programming interfaces with samples.



SNMPc Product Options

SNMPc includes the three product options described below.

SNMPc Enterprise Edition This is the base system for a scalable multi-user environment. Enterprise Edition includes the SNMPc Server license, one Remote Console license, and one Remote Poller license. This system can be used simultaneously by one user at the server system and by another user at a Remote Console system. The Remote Poller can be used to extend the polling capabilities to a remote polling site.

SNMPc Remote Access Extension This is a license-only option for the Enterprise Edition. This option allows an unlimited number of Remote Console users and Remote Polling agents. It also provides JAVA Console support. When using this option, you must install the server under, Win 2003, XP or 2008

SNMPc Workgroup Edition

This is a single user version for managing small to medium sized networks. The Workgroup Edition can be used on Windows 2000, 2003, NT, XP, ME, and 98 systems. All components run on a single system and support one user. The map database size is limited to 1000 objects. The Workgroup Edition does not include advanced reporting functions and it does not run as Windows Services.

The following table shows the differences between the three product options:

FEATURE ENTERPRISE REMOTE EXTENSION

WORKGROUP

Win32 Application Yes Yes Map Object Limit 100,000 1000 Distributed Scalable Architecture

Yes

Backup Server SupportYes Runs as Windows Services

Yes

Remote Poller Included

Yes (1) Unlimited

Remote Console Included

Unlimited

JAVA Console Included

No Yes

Scheduled WEB Trend Yes



Reports Scheduled Printed Trend Reports

Yes

Automatic ODBC Export

Yes

System Requirements

The following table lists the minimum recommended system requirements.

PARAMETER ENTERPRISE WORKGROUP CPU Pentium III 1Ghz Pentium II 600 MHz Memory 512 MB 128 MB Disk Free 2 GB 500 MB Screen 800 X 600 800 X 600 Mouse Required Yes Yes Server/Poller Operating System

Win XP/2K/2K3/NT1 Win XP/2K/2K3/NT/ME/98

Console Operating System

Win XP/2K/2K3/NT/ME/98

Device Access Modes

SNMPc supports various device access modes including TCP only, ICMP (Ping), SNMP V1, SNMP V2c and SNMP V3. Each mode is briefly described below.

None (TCP Only)

Null access is used for polling TCP services only, where ICMP/SNMP access is restricted by a firewall.

ICMP (Ping) ICMP (Ping) mode is used for devices that do not support SNMP but can still be Pinged to see if they are responding. This may include servers and workstations.

SNMP V1 and V2c

SNMP V1 and SNMP V2c are very similar SNMP Agent protocols that are used by most currently deployed network devices. Any device that supports V2c will generally also support V1. SNMPc uses automatic intelligence to switch from one mode to the other as needed. So in



most cases you will always select SNMP V1 as the device access mode for any SNMP device.

SNMP V3

SNMP V3 is a secure SNMP Agent protocol that supports authentication and privacy (encryption). .



Section 2 : Auto Discovery

1) Go to “Config / Discovery Agents…”. 2) A best practice is to set the layout option to “Discovered Objects” this

will place all new devices into a Submap called by this name allowing a manual layout of the map after discovery.

3) Switch to the “Seeds” tab. Ensure that a seed IP address is listed, including the subnet mask. The device with this address should be SNMP enabled, such as a router.

4) Switch to the “Comm” tab. Enter the correct community string(s) for the devices that you wish to discover and monitor. If you have more than one string in use, make sure that all strings are listed, for best results.



5) Switch to the “General” tab. Ensure that the following check boxes are selected:

Enable Discovery Use Subnet Broadcasts Enable Status Polling Enable Service Polling Enable Poll After Layout

6) Click “Restart”. Click “OK” on the information box, and “OK” again to save and exit.

7) If auto-discovery is working, you will very shortly see the map begin to

populate itself.



Filtering Discovered Devices 1) In order to restrict the discovery process to a particular section of your

network, you need to utilize the “Filters” function within the Auto-discovery configuration. Open the Discovery Agents dialogue box, and switch to the “Filters” tab.

2) Enter the IP address range that you are interested in, and Click “Add”.

Click “OK” to save and exit. The next time the discovery process runs (default is once every hour), the filters will be incorporated. Note that this will not cause existing devices not meeting the filtering criteria to be deleted from the map.



3) To specify a range, use hyphenated numbers, indicating the start and end address for the filter. For example: 192.168.1.1-48. This will include all addresses between 192.168.1.1 and 192.168.1.48, inclusive.

4) To specify all 255 addresses in one of the byte-sections of your

address range, use the wildcard character “*”. For example: 192.168.1.*. This will specify the entire class-C subnet.

5) Use combinations of wildcards and ranges to broaden your filtering

criteria, without the need for many different rules. For example: 192.168.1-8.*. This will specify the entirety of all eight class-C subnets.

Monitoring Application Ports Whilst discovering nodes on the network, SNMPc can also test to see whether they are ‘listening’ on certain port numbers. Four port numbers are already defined in SNMPc: Web (80), SMTP (25), Telnet (23), and FTP (21). If these ports are selected in the auto-discovery configuration dialogue box, SNMPc will attempt to connect to each of these ports in turn, for every device that is discovered. If the device answers on that port, it’s properties on the map will be set to reflect this, and SNMPc will continue to scan that port as a normal part of the polling and monitoring function. No actual session will be carried out as part of this monitoring.

More detailed application monitoring is discussed within Section 3



Section 3 : MAP Map Layout Best Practices

The layout of the map is actually very important when it comes to alerting as the location of devices within a map can aid in the diagnosis of issues occurring on the network. We recommend that the root subnet just include Site Locations as Submaps as shown in the example below this allows an overview of your network and highlights the locations where any issues are occurring.



Map Object Properties

If you Right click on the map device and then click Properties you can view the settable options for the device.

Use the Edit/Properties menu to change the attributes of one or more selected objects. To edit multiple objects, all selected objects must be of the same type (submap, device, link, or network). The Edit Object Properties property sheet will be displayed.

The first page of the Edit Object property sheet contains the following fields:

Field Description

Label The Object label that appears in a submap view

Type The Object type (submap, device, link, network)

Address Object IP Address or Goto submap name

Group The Object sub-type or category. Use the ">>" button to add new categories.

Icon Icon name for non-line objects

Descr A textual description of the object



Access and Attributes

The Access and Attributes pages contains the following items:

Field Description

Attribute The selected attribute name

Value The current value of the selected attribute. Change this field to change the attribute.

Browse (>>) Button

Use this button to browse possible selections for the attribute value.

Attr List This list box shows all attributes and values for the selected objects. The set of attributes is different depending on the type of the selected objects. Select an attribute from this list to modify it.

The Access page contains parameters that determine how a device is accessed (Ping, SNMP V1, V3, etc.) and associated passwords, where required.

The Attributes page contains type-specific attributes. This includes background bitmap/scaling information for submaps and polling parameters for devices.



Some object attributes are changed indirectly, rather than by using the Edit/Properties command. For example, object position is changed by drag-and-drop operations.

Changing the double-click action?

When you double-click on an icon in SNMPc, an action will be performed. By default, the action is to open the hubview application. This can be changed to execute a bitview script, initiate a telnet session, or open a web-browser based interface. This can be done on a per-device basis, or it can be done on a global level. To set the global behaviour, click on “Config / Default Object”. The attribute “Exec Program” is the default action that will be performed when a double-click is performed. Remember that changing this parameter after the map has been populated will not affect the existing icons. This is because the default object settings are standard settings to be applied to new objects. To change each individual node, select it and right-click on the icon and choose to view the properties. Switch to the “Attributes” tab. A number of pre-defined actions exist. Specifically these are: [ApiPrograms] AUTO=auto.exe

BITVIEW=bitview32.exe $i $w BROWSER=browser.exe $i $w FTP=ftp.exe $a HUBVIEW=hubview32.exe $i $w WEB=iexplore.exe $a TELNET=telnet.exe $a TFTP=tftp.exe $a TRAPSEND=trapsend.exe $w

Auto will reference the hubview application.

Executable files ought to be copied to the SNMPc directory for ease of use. Alternatively they can be referenced via a full directory path.

Dollar strings are used to pass arguments to the executable program. Often this will be “$a” for the IP address. For a longer list of dollar strings, see Section 4 – Event Actions. To ease the setup of several new double-click actions, you may want to edit the snmpc.ini file. Follow the format as listed above and re-start the SNMPc software. Your new actions will now be listed in the drop-down menu for “Exec Program”.



Connect to a VNC Server when you Double Click. Any executable application can be triggered from SNMPc, under a variety of conditions. To specifically cause SNMPc to open a connection to a VNC server, copy the VNC viewer application into the SNMPc installation directory. Edit the properties of the device to allow an exec program of “vncviewer.exe $a”. A double-click will now initiate your VNC session. To make VNC a standard option for double-click actions, you may want to edit the snmpc.ini file to include “VNC=vncviewer.exe $a” in the API Programs section.

Connect my web browser to a certain port number when I double click.

When running actions that may include web front-ends for devices, you may require to hit different port numbers from the standard port 80. To configure SNMPc to allow these difference port numbers, edit the “Exec Program” field and change the parameter to: iexplore.exe http://$a:[port number]/ For example, VNC servers offer a web interface, running on port 5800. To connect to this, use: iexplore.exe http://$a:5800/

Application Monitoring

SNMPc can be used to monitor the status of an application by polling its TCP application ‘port’. Up to 16 application ports can be defined per icon. You can also configure SNMPc to send a text string to the application port and then look for an ‘expected reply’ in the response. This allows you to provide advance monitoring that for example not only checks that a web servers HTTP port is open but also that the website homepage is loading correctly.

This first example will show how to poll a web server and ensure that the server is generating the home page correctly. The second part of this guide covers how to configure new applications to be monitored.

To edit an existing icon, right click on the icon and choose Properties. If this is a new icon then from the main window select the ‘Add device’ icon.



When prompted define the device Label and Icon that you wish to use. Set the Address to the web URL (i.e. www.google.com).

If SNMP is not enabled on the web server (it probably will not be if this is a public server) select the Access tab and change the Read Access Mode to ICMP Ping

Select the Attributes Tab. As this is a website it would be useful to launch Internet Explorer and browse to the site when the icon is double-clicked. To configure this select the EXEC Program variable. From the pull down list choose iexplore.exe $a.

SNMPc 7.0 comes with a predefined list of services that can be polled. These cover common protocols including HTTP, FTP, DNS, POP3, SMTP etc. A full list of the pre-defined protocols and descriptions is included in Appendix A of this guide.

To choose one of these predefined services select TCP Services and click on the Value pull down. If you want to select multiple services to be monitored double-click on TCP-Services and use the Add option on the resulting screen. Up to 16 services per icon can be configured.

In our scenario we want to ensure that the home page is being displayed correctly. Therefore we select the HTTP option.

Select OK to confirm the changes.



Defining your own application ports.

SNMPc 7.0 gives you the ability to monitor the health of any TCP based application by sending a string to the application port and monitoring the response.

To define a new application double-click on TCP-Services. This will open the Poll Services… window.

The previously discussed HTTP service checks to see the default web page is displayed correctly. SNMPc sends the following string to the web server on port 80.

HEAD / HTTP1.1\r\nHost: SNMPc\r\n\r\n

/r = Carriage Return

/n = Line Feed

When a web page is generated correctly it displays as part of the html response

HTTP/1.1 200 OK

Therefore the Expect String is configured to monitor for the response HTTP/1.1 20*.

In this example we will create a custom service monitor for MySQL (www.MySQL.com). MySQL runs on TCP port 3306. If you do not know the TCP port number for your application a quick search on Google for “’Application Name’ TCP Port” will normally display it.

To analyze what information the application displays when it is polled you can either Telnet to the port number or use a packet analyzer to monitor the application. Ethereal (www.ethereal.com) is a useful free analyzer tool which runs on both Windows and Linux platforms.

To create the new service, enter a Service Name and the TCP Port Number.



The Send String and Expect String can be defined as required. Special characters in the Send String include:

/w = Pause for 1 second before sending

/r = Carriage Return

/n = Line Feed

SNMPc 7.0 includes a Test option that can display what information the application is returning. This is an excellent way of evaluating your settings.

Select the Test button and a new Window will be presented showing the output from the application. In our scenario we can see that when MySQL is accepting connections it returns a series of characters including the MySQL version number and platform (4.0.18-nt). This is the string therefore to match on.

Select OK to close the Test Poll Service screen and enter the text *4.0.18-nt* in the Expect String field.

‘*’ is a wildcard. By using it at the beginning and end of the text it means that the string will be matched as long as it appears somewhere in the text.

To ensure that the Expect String will be matched select the Test option again. You should see ‘MySQL succeeded ‘*4.0.18-nt*’ found.’ displayed

You can then select OK and Add to add the service to the list of available services to be polled.

Up to 16 services can be defined per icon.



Appendix A – Predefined Applications

Service ‘Name’ TCP Port Comment

*Web 80 Simple Poll to check service availability

*FTP 21 Simple Poll to check service availability

*SMTP 25 Simple Poll to check service availability

* Telnet 23 Simple Poll to check service availability

AnonFTP 21 Checks that an anonymous user can log into the FTP site

Apache 8080 Checks that an HTTP page can be loaded successfully

DNS 53 Simple Poll to check service availability

ECHO 7 Checks that a test string is successfully returned

HTTP 80 Checks that an HTTP page can be loaded successfully

IMAP 143 Checks that the service is ready to accept mail

Microsoft SQL Server (MSSQL)

1433 Simple Poll to check service availability

NNTP 119 Checks that the news service is active

POP3 110 Checks that the mail service is active

SMTP 25 Checks that the mail service is active

____________________________________________________



Link Monitoring

A key test for wide area network connections, is the status of any WAN links connected to a routing device. Frequently, when a leased line fails, the router that terminates the line is not affected. If you still have connection to the device via Ethernet, or a backup ISDN link, a status test can be performed to inform you that it is the line that has failed, rather than any other part of your infrastructure.

1) Edit your router’s properties on the map. On the “Attributes” tab, locate the attribute “Status Variable”. Highlight this, and click the browse button (>>).



2) Any variable may be chosen for status tests. For a WAN link, choose “mgmt / interfaces / ifTable / ifOperStatus”. This variable requires an argument to identify the interface of the router that we wish to test against – add the interface index number to the value so that it reads: RFC1213-MIB|ifOperStatus.2. The appropriate interface index number can be checked by viewing the interface table for the device.

3) The attribute “Status Value” must be set. This may be chosen from a pre-set list, via drop-down menu. We want to choose “up”. This is is the value we expect to see when the link is working OK.

4) Click “OK” to save the test.

5) Event actions can be triggered by the failure of this test. The

appropriate event action filters are “Snmpc-Status-Polling / pollStatusTestFail” and “pollStatusTestPass”.



Restricting User Rights and Views Within the Config/User Profiles section you are able to set user access rights including the access level and also the submap views.

Access Level Capabilities

Supervisor Full access to all SNMPc capabilities. The Administrator user always has this access level.

Operator Read-only access to database files. No access to privileged information (e.g., Set community names, user information). Read/Write access to devices using SNMP operations.

Operator (Edit)

Read-Write access to map/report information. No access to administration settings (Config menu). Read/Write access to devices using SNMP operations.

Observer Read-only access to database files. No access to privileged information. Read-only (Get) access to devices using SNMP operations.

Service Ability to add objects to the map and change polling attributes. Permission to send private RPC messages. Only the Remote Poller user can have this access level.

The View restriction is particularly useful when used in an MSP environment.



How to set a map background image

Save the image as a bitmap (.bmp) file to the SNMPc bitmaps subdirectory.(Normally c:\Program Files\SNMPc Network Manager\bitmaps)

In SNMPc click on the ‘background’ of the map with the left mouse button. This will ensure that you have no icons selected.

Right-click on any part of the background map and select Properties.

Select the Attributes Tab. Click on the Bitmap variable. By selecting the Value pull down you will be able to select your image.

Tip: SNMPc can automatically scale you image to fit the window size. Often this can make your image appear in a ‘letter box’ format similar to that seen when viewing a widescreen movie on a regular TV. You can avoid this by setting the background color of your image to the standard one used by SNMPc.

The color setting in Microsoft Paint is: Hue:120; Sat:240; Lum:60; Red:0 Green:128; Blue 128.



Section 3 : MIBs

Compiling a new MIB file in SNMPc

A MIB is basically a list of questions to ask a device, there are Standard MIBs that can be found within the mgmt folder of the MIB selection tree which most devices will respond to. Users also have the ability to install private MIBs which enable the users to gather device specific information.

A MIB file will contain information such as the variables that a device supports and also the alerts that it can generate. You can normally download MIB files from either the manufacturers Web site or online resources such as www.mibdepot.com.

1) SNMPc is expecting the mib file to have a ‘.mib’ suffix. If your file ends in ‘.txt’ or ‘.my’ you can normally just rename them.

2) Save the mib files to the SNMPc /mibfiles sub-directory. Assuming that you accepted the installation defaults the complete path will be C:/Program Files/SNMPc Network Manager/Mibfiles

3) From within the SNMPc console select the Config/MIB Database… Menu

4) Select Add and then highlight the names of your MIB files. You can highlight multiple files by pressing and holding the CTRL key. Select OK when you have highlighted all the MIB’s that you wish to add.

5) Select Compile. Any Errors or Warnings will be saved to the History section of the Log file. Select the History TAB under the event listing and scroll up to view a description of any errors. Errors with MIB compilation are displayed in white.



Section 4 : Event Actions

Understanding Event Actions

Event Actions are the sequence of actions that are performed when certain criteria are met. This may be the receipt of a certain type of trap, the failure of a status test, or the occurrence of a device going down. Each different event can have completely different actions associate with it, including sending email alerts, pager alerts, or re-painting the map icon. Most MIB files will have some actions associated with them, but not all; these will be vendor specific, and normally associated with particular traps that the devices can send to SNMPc. We will concentrate on the generic SNMPc events that are triggered through the normal process of monitoring.

1) On the “Event Actions” view of the selection tool, locate “Snmpc-

Status-Polling”. This sub-directory contains all of the standard SNMPc polling-related events.

2) To configure an event to occur when a device goes down, choose

“pollDeviceDown”. There will already be a default action defined, that is a ‘catch-all’ event – every time the pollDeviceDown event occurs, this default action will occur, unless there is a more appropriate action, such as one that has been configured to run when a specific device fails. You can configure the default action.

3) Right-click on pollDeviceDown, and choose “Insert Event Filter”. In the

new dialogue box, name your new event.



4) You may want to change the message that gets printed into the event

log, so that it contains extra information. There are a series of dollar strings that will allow you to pick up information directly from the node on the map. Common dollar string arguments would be $a, for the IP address of the node, and $n, for the name of the node. A more complete list follows: For example “Switch $n in $P is DOWN” would return Switch <Object Name> in <Parent Map> is DOWN

Argument Displays $$ The dollar ($) symbol $V Expanded event message (use this argument when

adding a Run Program setting in the Actions dialog). $W Console frame window number $L License sequence number for ODBC node ID $M Server IP Address $R Address of sending entity (could be the same as the target

device, or it could be a Polling Agent address) $F Event Action Filter name $f Event Action Filter database record number $O Trap Name as a textual string $o Trap Object Identifier in dot format $P Device parent submap name $A Address of target device (device that the event is about) $T Trap Community Name $x Date the event occurred, in local format at server $X Time the event occurred, in time zone of server $@ Time the event occurred, in seconds since Jan 1, 1970 $U Value of sysUpTime in the event trap $N The map object name of the target device $B The map object MAC address of the target device $D The map object description $h The map object group number of the target device $H The map object group name of the target device $N The map object name of the target device $i The map database record number of the target device $G The Get Community name of the target device $S The Set Community name of the target device $E The timeout attribute, in seconds, of the target device $Y The max retries for the target device $P The name of the map parent subnet object $C The number of variables in the event trap $* All variables as "[seq] name (type): value" $-n The nth variable as "name (type): value" $+n The nth variable as "name: value"



$n The nth variable as “value” $^n The name of nth variable $&n The index of nth variable $>n All variables from the nth as "value" $>-n All variables from the nth as "[seq] name (type): value $>+n All variables from the nth as "name: value

5) To match the event to a particular node, or group of nodes, switch to the “Match” tab. To match against specific devices, click the “Add” button, and choose your required nodes. To match against a group type, use the drop-down menu marked “Node Group”. This will pick any nodes that are members of the given groups (this is configured on per-node basis, under the properties tabs).

6) Switch to the “Actions”

tab. Choose the priority of the event – the colour that the icon will get re-painted on the map. Note that higher priority events will over-write lower priority events, when more than one event is applied to a node at the same time.

7) Other options exist on this dialogue window, including ODBC export, email, pager, or pop-up alert windows. Click “OK” when all required options have been set.



Using Other Event Types

We have used the pollDeviceDown event as an example for this section. The mechanism is the same for other types of events, including those generated for Status Variable and Manual Threshold Alarms. The following table shows common SNMPc events and when they occur. EVENT SUBTREE TRAP NAME DESCRIPTION Snmpc-Status-Polling

pollDeviceDown Device has not responded for three consecutive poll sequences1.

pollNoResponse Device failed to respond to one poll sequence1.

pollRequestRejected Device rejected the sysObjectId.0 or the user-set status polling variable.

pollResponse Device responded to a poll sequence1.

pollServiceDown Could not connect to the TCP port after three consecutive attempts.

pollServiceNoResponse

Could not connect to the TCP port after one attempt.

pollServiceResponding Connection to TCP port OK.

pollStatusTestFail Status variable test failed.

pollStatusTestPass Status variable test passed.

Snmpc-System-Info

pollAgentConnect SNMPc polling agent connection to server established.

pollAgentDisconnect SNMPc polling agent connection to server lost.

Snmpc-Threshold-Alarm

alarmAutoThresholdExpand

Trend auto-baseline moved higher.

alarmAutoThresholdReduce

Trend auto-baseline moved lower.

alarmAutoThresholdSet

Trend auto-baseline initially set.



alarmAutoThresholdTrigger

Trend auto-baseline exceeded,

alarmManualThresholdTrigger

Trend manual alarm passed threshold.

alarmManualThresholdReset

After being triggered, a trend manual alarm no longer passes the threshold test.

snmp-Traps authenticationFailure Trap generated by a device on an illegal access (bad community name).

coldStart Trap generated by a device after it restarts.

linkDown Trap generated by a device when a link fails.

linkUp Trap generated by a device when a link that was down recovers.

Note 1: A poll sequence occurs repeatedly every Poll Interval seconds. During each poll sequence, a poll is sent and a reply expected within the Poll Timeout period. If no response is received during the timeout period, the poll is sent again immediately (retried). Up to Poll Retries attempts will be made during a single poll sequence. If the retries all fail then the poll sequence fails. The Poll Interval must then elapse before another poll sequence is attempted.

Matching against MIB variables

Event triggers (such as traps) may contain MIB variables, and these can be used as extra matching criteria when creating event actions. For example, a variable in a trap may define the username that was used in a login process. For username1 you may require a different event action from username2. It is not possible to modify the list of variables that are available in the ‘match’ dialogue, as these are defined by the MIB tables, and are dependent on the SNMP agent operating on the managed device itself. Often the available variables have a number of possible pre-defined settings. Where this is the case, only the pro-offered options may be chosen, and this is done from the VarValue selection field. Where many variables are available, leaving them set to the default of * means that any value may be matched – the filter remains unrestricted.



Example: the pollResponse Event, after a system reboot The Event Action “pollResponse” contains a variable “pollLastStateDown”. This variable is set from the previous polling state of the node on the map. If the node has never been polled before, either because it is newly added to the map, or the SNMPc server has recently been rebooted, the value of pollLastStateDown will be ‘no’ – the last known state was not ‘down’. If the device goes down, and comes back up again, the variable value becomes ‘yes’.

1) Create your event filter as above. 2) Upon setting your matching criteria, locate the variable

“pollLastStateDown” from the Var List. Click on it to highlight it. The Var Value field above will show the current setting of the match (*).

3) Use the selection box to choose the required value. We are creating an

event to behave differently when SNMPc has been rebooted, as opposed to when the managed node has gone down, so we want to choose ‘no’.

4) Set your actions as required.

This setup might be applied when you use a system of notifications to alert operators to events. Upon rebooting SNMPc, every map object would receive a pollResponse, and notify the operators, where this is actually not useful to you. With this event filter, you can avoid sending the notifications upon reboot, but retain the notifications when the nodes do actually go down and come back up again.

How to create Event Filters directly from the Event Viewer

Event Filters determine the action that SNMPc takes when a trap is received or an event is triggered. SNMPc 7.0 supports the ability to create an event filter directly from a trap or eventdisplayed in the log view.

SNMPc can create an event filter without requiring the correct MIB to be compiled. It is good practice though to add the relevant MIB’s where possible. If the correct MIB is compiled SNMPc will be able to decode the variables contained within the SNMP Trap. There are separate How-To guides which cover MIB compiling.

In the following example we will create an Event Filter to match on a trap received from a UPS device. When the power is interrupted the UPS sends a trap to SNMPc. The log view is displayed below



This is a pretty typical display for a Trap received without an event filter. Using an event filter we can customize SNMPc so that it displays the trap in a more readable format.

The first stage in creating the event filter is to decide which variables are of use in the trap message. To view the trap variables, right-click on the event message and choose Event Properties. You will see a display similar to the following:

The variable number is displayed in [brackets]. Therefore in this example

Variable 1 is upsEstimatedMinutesRemaining.0 (Integer): 60; Variable 2 is upsSecondsOnBattery.0 (Integer): 3600; Variable 3 upsConfigLowBattTime.0 (Integer) 15; etc.

Within SNMPc to include a trap variable as part of an event message you use the Event Parameter ‘$(variable number)’. Therefore from the example:

$1 = 60 (upsEstimatedMinutesRemaining) $2 = 3600 (upsSecondsOnBattery) $3 = 15 (upsConfigLowBattTime)

In this guide we will create an event message that displays:

UPS on Battery: Estimated battery life: XX minutes, time on battery YY seconds.

Therefore the event ‘message string’ would be

UPS on Battery: Estimated battery life: $1 minutes, time on battery $2 seconds.



SNMPc has a comprehensive range of ‘Event Parameters’ that can be used in the event message. A full list is included in Appendix A of the Getting Started guide.

To create an event filter simply right click on the event and choose Add Event Actions.

There are three options provided in the menu

For Map Object.. The event filter will only be matched if the trap is received from this device

For Map Object Group… The Event Filter will be matched by any device in the same node ‘Group’. You can view or configure a node group by right-clicking on an icon and choosing Properties.

For All Map Objects... The event Filter will match on the trap irrespective of which device generated the alert.

In this example we will create an event filter that will match on the trap irrespective of which device on the network generated it. Therefore we choose For All Map Objects.

You will now be presented with the Add Event Filter window.

In the Message area enter UPS on Battery: Estimated battery life: $1 minutes, time on battery $2 seconds.



Under the Match Tab you can specify to match on variables within the trap or on the device that generated the trap.

The Match tab allows a great deal of flexibility with event response. The example shows an event filter that would ‘match’ only if the value of Estimated Battery life was less than 30 minutes. This could be useful for example if you wanted to create several courses of action. One filter could generate a general email to be sent to the support team when the UPS went on battery. The second filter generates a pager notification to be sent to the support manager if the battery time remaining was under 30 minutes.

The Actions tab allows you to specify the actions for SNMPc to take when the event filter conditions are met. The range of options include the color of the icon and event message; paging and email messaging; ability to run a program or batch file; play WAV sound or forward events to another management system. A full description of the options is included in the online help.

In this example we are going to

specify that this is a critical alarm and should be displayed in red. Also the users in the Default group will be paged.

Select OK to add the Event Filter.

When the Trap is received you should now see a customized event message.



Tips and tricks:

SNMPc includes a Trap Sender Tool which allows you to spoof traps from any MIB that has been compiled into SNMPc. It is available from the Tools menu. The following screenshot shows the configuration of the Trap Sender to generate the alert used in this example.

Sending an email alert

A favourite method of alerting operators to the fact that an event as occurred, is via email. Before starting to configure email alerting, you must have:

The IP address of your SMTP srver Email addresses for anybody whom you wish to send emails to.

SNMPc will only support the SMTP protocol for sending email, so servers running other protocols MUST have an SMTP gateway available if you wish to send messages from SNMPc.

1) Go to “Config / Event Options”. Enter the IP of the server in the field “SMTP Server Address”.

2) Enter the email address that you want your alerts to be from, in the

field “Email From Address”.

3) Enable the option marked “Enable Tracing to History Log”. This will help in troubleshooting the email process.

4) Go to “Config / User Profiles”. Create or modify user details for each

person to whom you wish to send emails. For each user, they must have an email address, and be part of a group, for notification purposes. Enter a value into the field “Group 1”. Ensure that the boxed marked “Always send email” is selected.



5) Select the event action for which you wish to receive email alerts, and

edit it’s properties. Switch to the “Actions” tab, and change the email group to be value that you defined in step 4.

6) When the event action occurs, the History log will display the fact that

an email alert has been attempted, and a log will be written. A successful attempt ought to look something like this:

evmail: proc status - procID = 0, procHandle = 716 evmail: addq(1) [email protected], Critical 10/01/2001 12:07:53 New_Object Device Down evmail: proc started evmail: sendmail srv=192.168.1.1 [email protected] mesg=Critical 10/01/2001 12:07:53 New_Object Device Down evmail: transmission OK evmail: proc stopped normally

Sending Alerts to a Pager

Air Messenger Pro (AMP) is a paging application which is bundled with SNMPc Workgroup and Enterprise. It allows you to deliver text message alerts to your pager or cell phone. Most people will be using a dial-up modem to deliver the page. There are two stages to successfully configuring AMP to operate with SNMPc.

1) Configure AMP and successfully send a ‘test’ message 2) Configure SNMPc to initiate the page in the event of an alarm.

Stage 1 – Configuring AMP Before configuring AMP you will need to know: 1) The protocol that your carrier uses (TAP, WCTP, Fleet Sync, SNPP etc) 2) The phone number to dial and any passwords that are required 3) Modem Settings 4) The cell phone/pager number to deliver the message to.

There are various resources on the Internet which lists this information. One such resource that allows you to search by state can be found here.

In this example we will be sending a page to a Verizon Wireless cell phone in California. The contact details for Verizon are: 1) Protocol – TAP 2) Dial Number – 1-866-823-0501 (no password

required) 3) Modem Setting – 1200-19200 baud (AMP default 1200) 4) Example Users Phone Number – 408-111-1111

Configuring the Service Provider



Start Air Messenger Pro and select the Settings/Service Provider Menu

In the resulting window select ‘Add’ and complete the details for your provider as appropriate. Ensure that you add any additional numbers you need to dial to reach an ‘outside line’. In this example we are using ‘9,’.

Select OK to add your provider.

Configuring the Subscriber details.

The most important thing when adding the user to be paged is that the user name must match exactly the name used in SNMPc. The name matching is case sensitive. If the names are different then the page will not be delivered. In this example we will be using the default SNMPc user ‘Administrator’. Select the Settings/Subscribers menu and in the resulting window select Add. Complete the user information as appropriate. Usually this is just the SNMPc User name and pager/cell phone number

Select OK and Done to return to the main window.

To test your configured settings highlight the username and type some text in the main AMP window. Then select Message/Send Now to send the text to the pager. If all is configured correctly you should receive the message. In the bottom right hand corner of the window AMP will list the actions that it is taking. This can be a useful troubleshooting aid. If the message is successfully received then you can configure SNMPc.

Stage 2 - Configuring SNMPc. To configure SNMPc to send pager alerts first select the Config/Event Options… menu and ensure Enable Tracing



to History Log is checked and that the Pager Application is set to Air Messenger Pro – No Q. When you have successfully tested the paging functionality you can disable the tracing option.

Select Config/User Profiles... If you are using the default user then highlight Administrator and select Modify. In the resulting window change the Page Type to Alphanumeric.

Select OK to confirm the changes.

Select OK.

It is recommended that when testing the paging functionality that you select the History tab on the event log. This will allow you to see status messages between SNMPc and the Air Messenger Pro application.

The following event view shows a successful connection between SNMPc and Air Messenger Pro

Tips If you are running SNMPc Enterprise as a service then AMP must also be running as a service. You can configure AMP to run as a service from the Settings/Service menu.



Section 5 : Custom MIBs/MENU’s

Create custom MIB tables The SNMP protocol allows variables to be grouped into tables, containing a sequence of variables that are related in some way. Either they relate to similar types of system information, or they are a product specific variable, as supplied with your devices by the manufacturer. When you are interested in a series of variables that are not all held within the same table, it may become useful to create a customized table that contains only the variables that you are interested in.

1) In the selection tool, switch to the MIB tab. 2) Go to the custom tables item, right-click, and choose “Insert Table”.

3) Name the new table.

4) Use the browser function on the left to locate the variables that you are

interested in. Highlight these items and press the “Selection” button to add it to the table. When you have added all of the variables that you want on the table, click “OK”.

Create customized calculations against variables Sometimes you may wish to perform a calculation against variables, before you graph them. This would allow you to report Octets as Kilobytes, or turn a gauge variable into a percentage. Doing so requires you to build a custom MIB table, as above.



1) Having created your custom MIB table, as above, containing the variables that you wish to calculate against, continue to edit the table, and press the “Expression” button. A new dialogue box will appear.

2) Name your expression.

3) Using the selection of variables and the calculation functions, build

your expression following the customary rules governing computerized calculations. Note that the “Time” button will invoke the polling interval since the calculation was last performed, in seconds. In other words, if your graph is being updated every 10 seconds, the value of the time function is 10. Change the polling interval, and the value of the time function will vary accordingly. Click “OK” when you have finished.

4) In order to ‘tidy up’ your custom table, removing any variables that you

have no interest in, in their un-calculated form, simply highlight them, and click the “Cut” button. The calculations that used these variables will not be altered by these changes. Click “OK” to save the table.

Create customized menu items

Sometimes an action is frequently required, so it becomes useful to access that at a single click of the mouse. Such an action may the triggering an external program or it may be viewing a table or graph of variables.

Items can be added to the right-click popup menu, to the help menu, or to the tools menu. The procedure for each is the same, but you must insert the menu option in the required category.

Adding items to the right-click pop-up menu 1) Use the selection tool to choose the “Menu” tab. Expand the “Manage”

option, right-click and choose “Insert menu”. 2) Name your menu item. Remember that this may be an action choice,

or it can be the subject header for a new pop-up list of further options.



3) Choose your object type. Options are: Table – Displays a MIB table as chosen from the MIB tree List – see ‘Table’ Edit – Opens the ‘Edit Table’ dialogue box, for the chosen MIB

tree Graph – Displays the graph for the chosen MIB tree. You may

want to add an interface argument for this option, to view specific interface numbers

Chart – Displays the graph information, formatted for a bar chart Pie – Displays the graph information, formatted for a pie chart Dist – Displays the graph information, formatted for a distribution

chart Run – Triggers a chosen external program, with the supplied

arguments Set – Allows the configuration of a variable Popup – Parent option for a new list of menu options Separator – A dividing line within the list options

4) Use the “Arguments” drop-down menu to choose an external program (with arguments) that you wish to run.

OR Use the “>>” button to access the “Browse MIB tree” dialogue, to choose a table or variable. Add any interface arguments to the MIB variable in the format “.1” to specify the interface index number (to check the number that you require, view the interfaces table, and note the index number of the required interface).

5) Click “OK” to save the menu item.



Section 6 – Trend Reports

Basic Trend Report Setup.. Having populated your map, you may want to start reporting on the different performance aspects of your network, for example the utilization levels on a kilostream circuit.

1) Select the device from your map, that you wish to create a report on. Switch to the Trend Reporting tab on the selection tool (the left-hand pane of the main window), right-click and select “Insert Report”.

2) Name your report.

3) Choose a type of pre-defined report from the drop-down menu marked “MIB Table”. If a customized report is necessary, use the button marked “>>” to locate a specific MIB variable or custom MIB table to use within the report.

4) Use the “Instances” button to check on the variables that will be

reported, and for what instances. Normally, an instance will be an interface on the device – each different interface may have different traffic profiles from its fellows. The instances that are going to be incorporated into the report should be selected from the right-hand side of the selection tool, and added to the listing on the left-hand side. Remember that if you only wish to report on a small number of instances, all of the other instances need to be excluded from the report. Additionally, each instance can be edited to show a name on the report, rather than just a number.



5) You may wish to select or de-select the checkbox marked “Counters / Expressions Only”. By default, this box is checked, and this will cause SNMPc to perform a calculation on variables that it reads. This would be useful for variables that are counters, such as Octet throughput, which are constantly incremented as traffic flows through an interface. For graphing purposes, it is not useful to see a trend that constantly grows, but rather you would want to see a trend that rises and falls depending on traffic levels. The calculation that is performed is merely a comparison of the current reading against the previous reading. Where your variable is exactly that, you do not want to perform such a calculation, as this would invalidate the results on the graph.

6) Set your polling interval. The default interval is 10 minutes, but if you

want increased granularity in the data, reduce this value. The interval should be increased, for decreased granularity. Remember that the more frequently you perform a report, the more overhead you are placing on your SNMPc server.

7) Switch to the tab marked “Export Destinations”. Here you can control

where your reports get generated. The default setting is for web reports – the reporting engine will create a series of web pages that show the reports. These can be viewed through a web browser either by opening the appropriate files, or through a web server, if you choose to set the appropriate virtual directories. Reports can also be sent straight to the printer, or simply in text format, to a file for external analysis, perhaps in a database or spreadsheet.

8) Select the format of the reports that you require. This can be chosen from a series of different report types, such as pie charts, histograms, etc. Also chose the frequency with which these reports get created.



This may be hourly, daily, weekly, monthly, or any combination of these.

9) Switch to the “Page Layout” tab. Choose here on the nature of the

reports that you require. The option to have reports in “Single Instance / Multiple Variables” form will create individual reports for each instance that you included in step 4, with all of the variables on that same graph. As an example, a router with two interfaces would cause two graphs to be created, each containing three variables (for a WAN Interface Health report). Choosing the “Single Variable / Multiple Instances” form will create a graph for each variable, each containing all of the instances selected. With the above example, we would now get three graphs, each mapping two interfaces.

10) Use of the logarithmic scaling function allows large variables to be graphed on the same scales as very small variables, allowing realistic comparison of variables. Ordinarily a large variable will cause the graph scaling to make the small values disappear at the bottom of the graph.

11) Once you have finished, click “OK” to save the settings, and SNMPc

will begin gathering data for the reports. This will happen within the time interval that you chose in step 6. The web reports will not be created until the end of the first hour, on the hour. When this occurs, a new sub-directory of the SNMPc installation will be created, called Trendreports. To view the reports, open the file “reportframe.htm”.

12) At any time, trend reports can be viewed, ‘up to the minute’, by right-

clicking on the report in the selection tool, and choosing “View Report”.



Choose the date and type of report that you wish to see, and the appropriate data can be compiled and displayed as required.

Example: WAN bandwidth utilisation reports: Follow these steps, to create an on-going report to show your utilisation levels for your network connection. This can be used for any type of connection, but is best applied to a WAN link, running full Duplex.

1) Highlight a router that terminates the leased line that you want to report on. In the selection tool (left side of the screen), under the “Trend” tab, right-click and choose “Insert Report”.

2) Name your report.

3) Choose a MIB table, or pre-defined report. We want “WAN Interface

Health”.

4) Click the button marked “Instances”. Choose the router interfaces that you want to monitor, and ensure that the remaining interfaces are excluded from the report. Click “OK” when you are finished.

5) Set your polling interval; choose a smaller polling interval to gain the

greatest informational granularity.

6) Switch to the tab marked “Export Destinations”. We are going to create HTML report pages, so ensure that “To Web Server” is checked, along with all of the styles of graph that you are interested in; the recommendation is to use the graph and the summary as a minimum.

7) Choose your schedule. This determines the frequency with which the

report pages are generated. The recommendation is to select all of them.

8) Switch to the tab marked “Page Layout”. Choose the option “Single

Instance / Multiple Variables”. Set your index labels; these will be “Percentage Utilisation” on the index axis (y), and “Time” on the time axis (x). Click “OK” when you are ready. Within the polling interval that you set in step 5, the report will start to generate.



Advanced Trend Report Options

Limiting Saved Instances The polling agent normally polls all available instances for each variable in a trend report table. To limit polled instances, select the report name in the Trend Selection Tree and use the Right-Click Properties menu, then use the Instances button.

Select one or more rows in the displayed table and press the Add button to add them to the Instances Tree at left.

In the Instances Tree, select one or more labels (including <All Other Instances>) and press the Include or Exclude button.

For each included instance, use the Edit button to set textual instance names and manual threshold alarms

Setting Threshold Alarms You can generate a Threshold Alarm when a polled SNMP variable value meets certain criteria. SNMPc supports three distinct mechanisms for generating Threshold Alarms as described in the following table. ALARM TYPE DESCRIPTION Status Variable Polling Use the Object Properties dialog to

set a single SNMP variable plus instance that is polled in real time (Poll Interval attribute seconds). Use this for Emergency Status Polling. For example, poll for UPS battery failure, disk full, or link down conditions.



Automatic Trend Baseline SNMPc automatically determines a baseline value for all variables in any trend reports that you add. The baseline is set after a learning period and periodically adjusted. The polling agent will generate alarms if a polled value exceeds the baseline by a preset percentage.

Manual Trend Threshold Use manual threshold alarms in trend reports to specify a particular condition to test. This is commonly used to monitor line utilization variables. In this case the alarm condition is well known to the user and involves a longer polling period (e.g., 80% over 10 minutes).

Configuring Automatic Alarms Use the Config/Trend Reports menu and select the Automatic Alarms tab. You can set various parameters of the automatic alarm algorithm in this dialog. Generally the default settings are adequate and the main thing you might want to do is disable automatic alarms by unchecking the Enable Automatic Alarms checkbox.



Setting Manual Threshold Alarms Select the report name in the Trend Selection Tree and use the Right-Click Properties menu, then use the Instances button.

Select one or more rows in the displayed table and press the Add button to add them to the Instances Tree at left.

In the Instances Tree, select one or more labels (including <All Other Instances>) and press the Include or Exclude button.

For each included instance, use the Edit button to alarms for each variable

Select a variable name from the list at the bottom of the Instance Edit

dialog. Enter a simple expression at the Threshold edit box. This is an

operator (>, <, =, >=, <=, !=) and a numeric constant. You can also optionally enter a name for this variable instance in the

Instance Name edit box. This makes it easier to determine what the threshold alarm refers to.

Press OK. You will see a red exclamation mark next to the icon in the Instances Tree for any instances that have manual alarms.

Please keep in mind that for Counter variables, the values you set in the manual threshold will be compared against a polled sample. The polled sample will be larger or smaller depending on the trend report poll interval. For example, a link that shows 100K bytes in one minute might show 1000K



bytes in 10 minutes. This is different than what you see in trend graph, in which the samples are normalized to per-second values.

Section 7 – Disaster Recovery

SNMPc 7.0 supports resilient network monitoring using Live/Standby servers. You require a valid SNMPc license for each server. For testing purposes the backup server can be the evaluation version as long as it is the same software revision as the primary server.

Before installing the SNMPc Backup server ensure that you know the IP addresses of both the main and the backup server. In this example the IP addresses are:

Primary Server: 207.212.33.140 Backup Server 207.212.33.196

SNMPc uses TCP port 165 to monitor the status of the servers and to update the content of the backup server. You need to enable access for this port on any firewalls that are between the two SNMPc servers.

Installing the Backup Server

Install the backup server as normal. As the server will be operating in a backup capacity you should choose for the network discovery to be disabled when prompted in the installation process.

Once the software has installed select the Config, BackUp/Restore… menu. In the resulting window enter the IP addresses of the primary and backup servers. As this is the backup server you should unselect This system is currently polling map objects and check the Enable Backup Service option.

When you select the OK button you should see a message in the event viewer saying that the BackUp service is enabled.



Configuring the Primary server

Select the Config, BackUp/Restore… menu. As before enter the IP address of the primary and backup servers. As this is the primary server ensure that both Enable Backup Service and This system is currently polling map objects options are checked. It is recommended that the primary server update the backup server with configuration information on a daily basis. You should therefore check Enable Scheduled Backups.

Select OK

To test connectivity select the File/Backup menu option. Enter a file name in the BackUp To: box and select Backup.

Then select the History tab on the event viewer. After a couple of minutes you should see the entry BackupService: Completed export to Backup Server on the primary server.

On the backup server you should see BackupService: Completed import from Primary Server

The Live/Standby SNMPc servers are now configured.



Useful Tools

MIB Browser Use the Tools/MIB Browser menu to view and edit individual MIB variables or the selected map object. The following sections describe how to use the MIB Browser tool.

Selecting a MIB Variable and Instance

Select MIB variables from the MIB Selection Tree in the left window. You can enlarge this window by moving the drag bar at the right edge of the window. When you select a MIB variable (leaf node in the tree) the variable name will be placed in the MIB Variable pull-down list in the toolbar. You can append a variable instance part to the variable name in this edit box.



Some Valid MIB Variables with Instance The MIB Variable edit box also has a pull-down list of all variable names that have been used in a Get or Set operation. You can select a variable from the list instead of using the MIB Selection Tree. You can also type an entire variable name directly into the MIB Variable edit box.

Whenever you select a MIB Variable, some information about the variable is displayed in the window along the bottom of the MIB Browser. This information includes the variable name, its full object identifier (in dot format), the variable type, the name of the MIB source file, and a description of the variable.

Getting MIB Variable Values

After you have selected a MIB variable, use the MIB/GetNext menu, or the GetNext button, to perform a Get Next SNMP operation. This operation will retrieve the next instance of the selected variable, or the next variable.

To get the value of a fully specified variable and instance, use the MIB/Get menu or the Get button to perform an SNMP Get operation. You must specify a full instance to perform this operation.

If the selected device supports SNMP V2c, use the Mib/Bulk menu to perform a Get Bulk SNMP operation. This will retrieve ten variables and values by default. Use the MIB/Settings menu to change the number of variables retrieved by the Bulk menu.

As values are retrieved, the variable name, instance, and value are appended to the data window on the right side of the MIB Browser tool. You can enlarge this window using the center drag control.



TrapSend

Use the Tools/Trap Sender menu to verify the behavior of event filters. The TrapSend dialog box is displayed, which is composed of the following three areas:

1. The top left corner has an Event Action Selection Tree, containing only Trap Names (no event action filters). Use this tree to select a trap prototype. After you have selected a trap, use the formatting edit fields to fill in trap arguments and addressing information.

2. The right hand side of the dialog box contains a set of trap formatting controls. Use these controls to enter information used to construct an SNMP trap, such as destination and source addresses, community name, variable instances and variable values.

3. The bottom of the dialog contains a list box where you can add a set of formatted traps. You can save the list to a file for later use. Once you have added entries to this list you can just select any item and press the Send button to transmit the formatted trap.

Trap Sender Formatting Controls

The following table describes each of the formatting controls:

Control Usage

From Object This is the Target Device in the map that the trap is about. The address of this object is used as the trap Agent Address.

Browse (>>) Use this button to browse the map database and select a From Object.

To Address This is the transport destination, which is the IP address of the SNMPc server.

Comm The trap community

Send Count The number of times the trap will be sent when you press the Send button.

Delay The number of milliseconds to delay between sending multiple traps.

Var Name The selected trap variable name (read-only)

Var Instance Enter the instance for the selected variable in this edit box.

Var Value Enter the value for the selected variable in this edit box. For enumerated integer variables, select one of the items in the pull-down list.

Var List A list of variables for the selected trap. Select a variable name and then use the Var Instance and Var Value edit boxes to set the variables instance and value, respectively.



Trap Sender Dialog Commands

The following table describes the dialog command buttons:

Button Action

Add Adds a formatted trap to the trap list box.

Delete Deletes the item selected in the trap list box

Change Replaces the item selected in the trap list box with the information from the trap formatting edit fields.

Save Saves the contents of the trap list box entries to \snmpcnt\trapsend.trp.

SaveAs Saves the contents of the trap list box to a file you select.

Load Loads the trap list box from a file.

Send Send the selected (fromatted) trap.

Close Exit the Trap Sender tool.



V7 How to Upgrade

Backup / Restore Procedure

SNMPc contains the necessary functions to backup all required files and databases. This is configured in the “File / Backup…” menu option.

1) Go to “File / Backup…”. Click the “Setup” button, and enter the full path

to the directory you wish to use for backed up data. This may be local (eg. c:\program files\snmpc network manager\backup) or it may be a network drive. It is better for the network drive to be referenced as a mapped drive, rather than addressing a server directly (eg. \\SERVER1).

2) For automatic, scheduled backups, tick the checkbox labelled “Enable

Scheduled Backups”. This enables daily backups.

3) Set the hour of the day for the backup to occur. This is may be between 0 and 23. the default setting is 1.

4) To automatically delete backup file-sets that are older than a given

number of days, enter the number of days required in the rotation scheme. Bear in mind that a single backup set can easily reach 50Mb in size, so do not keep too many sets, if disk space is an issue. Click “OK” to save changes.

To perform a backup right now In the backup dialogue, ensure that you have configured a backup directory in the setup menu, as described in point 1 above. Any currently existing backup file-sets will be listed in the main part of the dialogue window. In the text field marked “Backup To:”, enter the file-set name you wish to save to right now. Click “Backup”; you will see a pop-up message, alerting you to the fact that you are now performing a backup, and that the results will be logged to the history log. Click “Done” to exit the backup dialogue. In the history log, if the backup is successful you will see two entries:

Info 04/24/2002 15:09:41 192.168.1.90 historyPoller System Info: Backup operation completed (c:\program files\snmpc network manager\backup\1) Info 04/24/2002 15:10:07 192.168.1.90 snmpcServer System Info: Backup operation completed (c:\program files\snmpc network manager\backup\1)



Download latest release.

The latest updates are only available from the Support section of the Castlerock website www.castlerock.com. Access to this website is only available if you have a current maintenance contract. There are release notes supplied with each patch, these release notes date back all the way to version 1 of the software.

Upgrade procedure

o Shutdown SNMPc Components. o Double click on the executable file. o A window will pop up asking whether you wish to Uninstall or

upgrade to v6. Select Upgrade and click next. o The Files will now be updated, o Once complete re-start SNMPc

Managing Tasks

Starting and Stopping SNMPc Components

NOTE :To control SNMPc tasks, you must be logged on to Windows with Administrator permission.

Use the Windows Start/SNMPc Network Manager/Configure Tasks menu to configure which programs you want to run when you start the SNMPc system and to enable or disable automatic startup of SNMPc system tasks and the Local Console. The SNMPc Tasks Setup dialog box is displayed.

The SNMPc Task Setup dialog has several check and edit boxes for global configuration of the startup mode. It also has a list box with one entry for each program used by the SNMPc system. After you install one or more SNMPc components, the Task Setup dialog will be automatically configured to default values for the installed components.

To Configure Automatic Startup of Tasks:

To run system tasks (Server and Polling Agents) as Windows Services in the Enterprise Edition only, enable the Run SNMPc Tasks as Windows Services check box. This option is disabled by default.



To disable startup of all enabled tasks when you boot the computer or log in to Windows, disable the Auto Startup check box. This option is enabled by default.

To disable automatic startup and login of a Local Console on the Server computer, disable the Auto Login User check box. This option is enabled by default.

To change the username and password used for automatic login of the Local Console on the Server computer, set these values in the two edit boxes to the right of the Auto Login User check box.

Press the Done button to save your changes.

To Configure Individual Task Settings:

To enable or disable running of a task, check or clear the associated check box.

To add a program to the task list, press the Add button. The Add Program dialog is displayed. Enter the description, Window name, executable path, and program arguments, in the appropriate edit boxes.

Use the Edit button to modify the attributes of the selected task. You cannot modify the SNMPc system tasks.

Use the Delete button to delete a task. You cannot delete the SNMPc system tasks.

Press the Done button to save your changes and close the dialog.

SUPPORT

Support is available from two main sources.

If you have an Annual Maintenance contract you are entitled to an account for the CastleRock Support site. These accounts need to be registered within 60 days otherwise it will time out. If you think you are entitled to a login and do not have one please contact me and I will investigate it for you.

Teneo provide both Telephone and email support for Europe and the US. We can be contacted at Telephone : +44 (0) 118 9703900 GMT (09:00 – 17:30) Email : [email protected] or [email protected]



We also send InControl our monthly eNewletter that includes information on the latest SNMPc Version, Support News, special offers etc. If you would like to be included on this mailing list please send an email to [email protected]



Add-On Products There is evaluation versions of both the following products included on the supplied CD. For more information on pricing etc please contact [email protected].

Notification Works

NotificationWorks, with the Castle Rock SNMPc adapter, brings a modular solution to users, enabling them to pick and choose the Alerting and Alarming capability that fits their needs. The software is an important and invaluable addition to Castle Rock SNMPc and other network management platforms (including ‘Cisco Works’ and ‘ManageWise’). The NotificationWorks and PageManager Pro modules enable customers to enjoy a greater flexibility in managing alarms and distributing actions to support teams. PageManager is a multi-threaded 32-bit Application Module for Windows 95, 98 and NT/2000, providing a low cost advanced alarm monitoring and notification utility. Using 24hour-7day scheduling, critical network alarms can be quickly identified and forwarded to the scheduled network personnel, ensuring that network downtime is kept to a minimum. The alarm messages can be forwarded to alphanumeric pagers, e-mail addresses, and/or mobile phones. PageManager even provides a detailed log report of all sent alarms.

Teneo’s Technical Manager, Marc Sollars, explores some of the key advantages of NotificationWorks’ PageManager Pro module:

“The initial set-up of Service Providers and Users is a lot more straightforward within PageManager Pro due to its ‘quick Start’ feature and the predefinition of all the major UK Service providers.

“The integration with SNMPc is seamless; PageManager Pro reads the SNMPc Error Log, enabling all the events to be set-up within SNMPc with the decision of which alarms are sent to engineers via email and SMS configured within PageManager Pro.

“Teneo’s technical support department is often asked if SNMPc can wait to see if a problem resolves itself (e.g. WAN link bouncing) before sending an SMS or email message, thus sending only relevant and important messages to an engineer. PageManager Pro achieves this through its Alarm Correlation and Downstream filtering functionality. For example, if a “WAN link failure” alarm arrives, the alarm can be set to wait for a “WAN link up” alarm to arrive. Only if this second message doesn’t arrive within the defined time period is the “WAN link failure” alarm message released. In contrast, Air Messenger Pro and SNMPc would send all the ups and downs when they happened.



“Scheduling when alarms are sent and to which member of staff is also made easy within PageManager Pro. Network personnel can be assigned by days and times on a 24/7 calendar. The software enables the user to make someone unavailable on a specific date and time and assign another engineer to provide coverage. An extra alarm message is also available to inform the paged engineer for whom they are covering e.g. ‘(Cover for Marc) WAN link is down’.”



THIS PAGE IS INTENTIONALLY BLANK

Castle Rock SNMPc Course Notes

Documents

Transcript of Castle Rock SNMPc Course Notes