This chapter describes the management and configuration tasks for the simple network management protocol (SNMP) agent and management information bases (MIBs) available with the 3-DNS Controller.
The 3-DNS SNMP agent and MIBs allow you to manage the 3-DNS Controller by configuring traps for the SNMP agent or by polling the controller with your standard network management station (NMS).
You can use the Configuration utility to configure the 3-DNS SNMP agent to send traps to your management system. You can also set up custom traps by editing several configuration files.
To securely manage information that is collected by the 3-DNS SNMP agent, you have the following security options available:
To use SNMP on the 3-DNS Controller, you must complete the following tasks:
The 3-DNS Controller includes a private 3-DNS SNMP MIB. This MIB is specifically designed for use with the 3-DNS Controller. You can configure the SNMP settings in the Configuration utility or on the command line.
SNMP management software requires that you use the MIB files associated with the device. You may obtain three MIB files from the 3-DNS directory /usr/contrib/f5/mibs, or you can download the files from the Additional Software Downloads section of the Configuration utility home page. The files you need are:
For information about the objects defined in 3dns.my, refer to the descriptions in the object identifier (OID) section of the MIB file. For information about the objects defined in rfc1611.my, refer to RFC 1611.
You need to make changes to several configuration files on the 3-DNS Controller before using the SNMP agent. Once you change these configuration files, you must restart the SNMP agent. The files are discussed in the following sections.
The /etc/hosts.deny file must be present to deny, by default, all UDP connections to the SNMP agent. The contents of this file are as follows:
ALL : ALL
Note: If you prefer, instead of modifying this file manually, you can use the Configuration utility to specify the hosts that are allowed to access the SNMP agent. See the section titled, To set SNMP properties using the Configuration utility, later in this chapter.
The /etc/hosts.allow file specifies the hosts that are allowed to access the SNMP agent. You can configure access to the SNMP agent with the /etc/host.allow file in one of two ways:
For a specific list of addresses, type in the list of addresses you want to allow access to the SNMP agent. Addresses in the list must be separated by blank space or by commas. The basic syntax is as follows:
daemon: <IP address> <IP address> <IP address>
For example, if you type the following line, the SNMP agent accepts connections from the specified IP addresses:
snmpd: 18.104.22.168 22.214.171.124 126.96.36.199
For a range of addresses, the basic syntax is as follows, where daemon is the name of the daemon, and NETWORKADDRESS/MASK specifies the network that is allowed access:
For example, the following line sets the snmpd daemon to allow connections from the 188.8.131.52/255.255.255.0 address:
The previous example allows the 256 possible hosts from the network address 184.108.40.206 to access the SNMP daemon. You may also use the keyword ALL to allow access for all hosts or all daemons.
Note: If you prefer, instead of modifying this file manually, you can use the Configuration utility to set these SNMP properties. See the section titled, To set SNMP properties using the Configuration utility, later in this chapter.
The /etc/snmpd.conf file controls most aspects of the SNMP agent. This file is used to set up and configure certain traps, passwords, and general SNMP variable names. A few of the necessary variables are listed below:
Note: To change the trap port, be sure the trapport line precedes the trapsink line. If you use more than one trapport line, there must be one trapport line before each trapsink line. The same is true for trapcommunity; if you use more than one trapcommunity line, there must be one trapcommunity line before each trapsink line.
The following entry in the /etc/rc.local file sets the SNMP agent to automatically start up when you boot the 3-DNS Controller (Figure 8.1 ).
# 3DNS SNMP Agent
if [ -f /etc/snmpd.conf ]; then
/sbin/snmpd -c /etc/snmpd.conf
If the /etc/snmpd.conf file is present on your system, the SNMP agent starts automatically.
The configuration in /etc/snmptrap.conf determines which messages generate traps and what those traps are. The file includes OIDS, traps, and regular expression mappings. The configuration file specifies whether to send a specific trap based on a regular expression. An excerpt of the configuration file is shown in Figure 8.2
# Default traps.
.220.127.116.11.4.1.3318.104.22.168.2.0.1 (SNMP_TRAP: VS.*?state change green.*?red) VIRTUAL SERVER GREEN TO RED
.22.214.171.124.4.1.33126.96.36.199.2.0.2 (SNMP_TRAP: VS.*?state change red.*?green) VIRTUAL SERVER RED TO GREEN
.188.8.131.52.4.1.33184.108.40.206.2.0.3 (SNMP_TRAP: SERVER.*?state change green.*?red) SERVER GREEN TO RED
.220.127.116.11.4.1.3318.104.22.168.2.0.4 (SNMP_TRAP: SERVER.*?state change red.*?green) SERVER RED TO GREEN
.22.214.171.124.4.1.33126.96.36.199.2.0.5 (SNMP_TRAP: iQuery message from big3d) CRC FAILURE
Some of the OIDs have been permanently mapped to 3-DNS specific events. The OIDs that are permanently mapped for the 3-Controller include:
To see messages that are triggering a trap, look in the var/3dns/log/3dns.log file.
To generate traps, you must configure syslog to send syslog lines to checktrap.pl. If the syslog lines match the specified regular expression in the snmptrap.conf file, the checktrap.pl script generates a valid SNMP trap. The following line in the /etc/syslog.conf file causes the syslog utility to send the specified log output to the checktrap.pl script. The checktrap.pl script then compares the logged information against the snmptrap.conf file to determine if a trap should be generated.
local2.warning | exec /sbin/checktrap.pl.
The checktrap.pl script reads a set of lines from standard input. The script checks each line against a set of regular expressions. If a line matches the regular expression, an SNMP trap is sent.
snmpd_conf_file=<snmp configuration file>
This file contains the SNMP variables. The checktrap.pl script gets trap configuration information from this file. The default is /etc/snmpd.conf.
trapd_conf_file=<snmp trap configuration file>
This file contains the regular expression to SNMP trap OID mappings. It also contains a description string that is added to the trap message. The default is /etc/snmptrap.conf.
trap_program=<snmp trap program>
This program sends the trap. This program should be the snmptrap program included with the 3-DNS Controller. The default is /sbin/snmptrap.
This turns off automatic date stripping. Normally, each input line is expected to begin with a date. Typically, this date is stripped off before the trap is sent. This option keeps the date information in the trap. If you do not add this option, the date is stripped from the trap by default.
This prints a usage string.
You can use the Configuration utility to configure the following aspects of the 3-DNS SNMP agent:
The Configuration utility provides sample SNMP settings for your reference. To use the 3-DNS SNMP MIB, you must replace these sample settings with settings appropriate to your environment and your specific SNMP management software.