Linux Monitoring from a Windows device using SNMP

Although it is possible to use the SNMP Check contained within the Linux Monitoring Agent, in some circumstances you may wish to monitor the Linux SNMP indicators from a Windows device. The following section covers the configuration of the Linux machine for SNMP.

Installation and configuration of the SNMP daemon

The Linux machine that you wish to monitor may or may not have the necessary SNMP software installed on it already. If not, you'll have to install it using the appropriate package management tools for your distro. As a minimum you'll need the net-snmp package, and we recommend getting net-snmp-utils as well in case you need to do a little debugging. On Red Hat-like distros you can get these with:

$ yum install net-snmp net-snmp-utils

Apt-get, synaptic, etc. should give you access to these packages in the usual way for Debian-based distros.

Once the software is installed you need to start the daemon and set it to autostart. Again, for Red Hat-based distros this would be accomplished by:

$ chkconfig --level 2345 snmpd on

$ service snmpd start

If that starts, all well and good. You can test that it is working with:

$ snmpwalk -v 1 -c public localhost

which will query the daemon and report back everything it can find.

On most systems you will probably see a listing of a handful of system variables like system name, etc., which is probably less than you might expect and certainly not enough to do any monitoring. There are a couple of reasons for this and changing this requires editing of the config file. Fire up your favourite editor and point it at /etc/snmp/snmpd.conf. Within the file you should see a line that looks like:

view systemview included .1.3.6.1.2.1.1

This permits access to the subtree .1.3.6.1.2.1.1, which contains the system information objects, such as description, name, etc. There are a number of additional subtrees that provide useful information - as a starting point we would recommend adding the following lines to the configuration file:

view systemview included .1.3.6.1.2.1.25.1.1

view systemview included .1.3.6.1.4.1

These will make visible uptime and system performance information respectively. After restarting the daemon you can use the snmpwalk utility to check that all is well.

If you are running an external firewall and/or iptables on the machine itself, you will have to configure them to allow access to port 161 via UDP. You can restrict the source addresses from which access will be allowed if you wish to do so as a security measure. You can also change the default community string (‘public’ in the example above) in the snmpd.conf file if you want to avoid use of this default value. Although the community string gives read-only access, changing it will prevent access using this well-known password.
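As an added example (not part of the original guide or of the agent), the shell function below checks an snmpd.conf for the two weaknesses just described: the default community string and an unrestricted source address. The function name, the sample file contents and the 192.0.2.10 address are assumptions made for illustration, and only the plain `com2sec NAME SOURCE COMMUNITY` and `rocommunity COMMUNITY [SOURCE]` forms are handled.

```shell
#!/bin/sh
# audit_snmpd_conf [FILE]
# Reads an snmpd.conf (file argument or stdin) and prints one finding per line
# for entries that use the community "public" or accept any source address.
audit_snmpd_conf() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        # com2sec NAME SOURCE COMMUNITY
        $1 == "com2sec"     { src = $3; comm = $4 }
        # rocommunity COMMUNITY [SOURCE]; a missing SOURCE means any address
        $1 == "rocommunity" { comm = $2; src = (NF >= 3) ? $3 : "default" }
        $1 == "com2sec" || $1 == "rocommunity" {
            if (comm == "public")
                printf "line %d: default community string \"public\"\n", NR
            if (src == "default")
                printf "line %d: source \"default\" accepts any address\n", NR
        }
    ' "$@"
}

# Constructed sample (not taken from a real host): a default-style entry
# next to one restricted to a single monitoring station.
sample_conf() {
cat <<'EOF'
# constructed sample snmpd.conf
com2sec notConfigUser  default      public
com2sec monitorUser    192.0.2.10   Xq7-example-string
view    systemview     included     .1.3.6.1.2.1.1
EOF
}

sample_conf | audit_snmpd_conf
```

On a real host, run it as `audit_snmpd_conf /etc/snmp/snmpd.conf`; an empty result means neither condition was found in the forms it understands.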

Within the Advanced Monitoring Agent there are preconfigured settings for the following parameters that will require no further configuration on the Linux machine:

It is also possible to configure additional monitoring with some further directives in the snmpd.conf file. Disk information can be made available using the disk directive in the file. You can set up monitoring for each partition on the system using a disk directive as follows (for the / partition, for example):

disk /

Each directive that is added will enable monitoring of a specific partition and there are pre-configured settings that can be used to monitor disk space percentage usage for up to 6 partitions, which are referenced in the check set-up by number, starting at 1 and incrementing with each disk directive. So, for example, a config file containing the lines:

disk /

disk /boot

disk /var

disk /usr

would allow monitoring of percentage disk use on the partitions /, /boot, /var and /usr by configuring the checks on partitions 1, 2, 3 and 4 respectively.

The agent can also be used to monitor the number of instances of a particular process and any error flags that have been raised by a process. This requires the use of PROC directives in the configuration file. So, to monitor the httpd (Apache) process, you would enter the line:

PROC httpd

in the config file. The number of httpd processes running will give an indication of how much traffic the machine is seeing. By default, there should never be fewer than 8 httpd processes running; the maximum number you expect to see will vary depending on the nature of the application being run and the levels of traffic you would expect to see. For most web servers values above 50, for example, will be unusual, but in order to be able to do meaningful monitoring you should perform some baselining of usage patterns in order to set thresholds that are appropriate for your environment.

Once this is in place (and the SNMP daemon restarted if necessary) you can configure the agent to report on the number of instances and any errors for the httpd process by setting the checks for process 1 in the agent or on the dashboard. As with the disk checks, successive use of the PROC directive creates additional entries with ascending index numbers, so the next PROC directive would cause the process it names to become visible as process 2, and so on. The SNMP check has pre-configured support for up to 6 processes.
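As an added example (not part of the original guide or of the agent), the shell function below lists the index number that each disk and PROC directive receives, in file order, so the check numbers can be matched to partitions and processes before configuring the agent. The function names are assumptions; the sample input reuses the directives shown above, and directive names are compared case-insensitively here because this page writes PROC in upper case.

```shell
#!/bin/sh
# list_snmp_indexes [FILE]
# Reads an snmpd.conf (file argument or stdin) and prints "disk N PATH" or
# "proc N NAME" for each directive, numbering each kind from 1 in file order.
# Entries past the 6 slots covered by the pre-configured checks are flagged.
list_snmp_indexes() {
    awk '
        /^[ \t]*#/ || NF < 2 { next }       # skip comments and incomplete lines
        { kw = tolower($1) }                # accept "PROC" as well as "proc"
        kw == "disk" || kw == "proc" {
            n = ++count[kw]
            note = (n > 6) ? "  (beyond the 6 pre-configured checks)" : ""
            printf "%s %d %s%s\n", kw, n, $2, note
        }
    ' "$@"
}

# Sample input built from the directives used as examples on this page.
sample_directives() {
cat <<'EOF'
disk /
disk /boot
disk /var
disk /usr
PROC httpd
EOF
}

sample_directives | list_snmp_indexes
```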

After the Linux machine has been configured and is responding correctly to SNMP queries locally and from remote machines, you can configure the Agent to carry out the checks.