For some servers it's unsuitable to install a specific agent that allows retrieval of information such as memory usage, system load and disk usage. Fortunately, many such servers come with the net-snmp software either pre-packaged or pre-installed. This article explains how to utilize SNMP to monitor such servers.
The information given here should work on all SNMP-enabled servers. Microsoft recommends against using SNMP on Windows, so this article will focus on Linux and Unix servers.
1 - Configure the host's SNMP daemon
This is necessary in order for the host to respond to our queries. Following the how-to article Configure a Linux server for SNMP monitoring will prepare the target host for monitoring. For the remainder of this article, we'll assume that you've followed those steps. You should, however, replace authPass and privPass here with the passwords you chose when configuring your server for monitoring.
2 - Add the server as a host in OP5 Monitor
3 - Configure the SNMP checks
The server-specific SNMP based checks primarily relate to checking things such as cpu load, memory utilization, disk utilization and processes. These are the areas we primarily recommend checking.
- CPU - Malfunctioning or suboptimally configured software tends to utilize inordinate amounts of CPU
- Memory - Running out of memory can cause system and/or process crashes
- Disk usage - Full disks spell trouble on most servers
- Processes - A computer without processes is worse than useless. Make sure yours are running.
Using the op5 Monitor Configuration Tool, you have the option to add new services to a host. How to do so is explained in the manual for the configuring. Briefly though: A check-command is used to create a particular check. The complete list of server-specific Unix/Linux check commands as of 2015-08-16 is listed below. There are other SNMP based checks that can be performed against servers, but some of them are vendor specific (such as chassis temperature etc), and some of them are explained elsewhere or have great tool support in the configuration tool (such as network traffic checks).
Configuring checks using SNMP v3
Setting up all the parameters required for using SNMP can be a daunting task, and creating separate check commands for all possible variations would quickly become unwieldy. Because of that, we have chosen to use a less rigid format for SNMP v3 checks which allows you, the user, to pass command-line arguments specifically for SNMP v3 authentication and encryption directly to the plugins. Keep in mind that (almost) all checks in op5 Monitor are executed by plugins, which are basically small scripts and programs that tend to perform one small task (although sometimes in a couple of different ways) quickly and efficiently.
The relevant help-text section for SNMP v3 plugin parameters follows:
AES is the default encryption method (--privproto). We strongly recommend that you do not use DES, as DES is easily crackable by brute force. SHA is the default authentication protocol (–authproto). We recommend that you use the SHA HMAC authentication, as MD5 is both slower and less secure. If no --privproto or --authproto is used, the default settings will be used instead. The default --seclevel is determined by the passwords provided. If --authpassword is set but --privasswd is not, we assume authNoPriv. If Both --authpassword and --privpasswd are set, we assume authPriv. If neither is set, we assume noAuthNoPriv. This leads to a very handy situation where all you really have to provide is the SNMP v3 username (--secname) and whichever of the two passwords you have set in order for SNMP v3 authentication and encryption to work properly.
Because there are so many different combinations of SNMP v3 authentication mechanisms, we have opted to create only one check command for SNMP v3 per metric we can measure. An example of a suitable command_line_args string for SNMP v3 with the same warning and critical thresholds as above would read as follows (assuming your SNMP v3 username is snmp_user and you have authPass as your authentication password and privPass as your privacy password; We obviously recommend that you choose other passwords yourself):
Configuring checks using SNMP v2c
The SNMP v2 checks require a community name to be specified in order to be accessed. The community name is always the first argument for all SNMP v2 checks. The default community name for SNMP installations is "public", as per common consent and legacy reasons. We obviously recommend that you change that. Assuming you change it to community, the string below represents one likely setting for the command_line_args used to configure options for the plugin used to perform the check that results in the service's status and message. Note that the rest of the arguments are warning and critical thresholds and have to be tweaked to suit your specific environment and the type of check you're running.
Note that we don't recommend using SNMP v2c, since it doesn't allow for strong authentication or encryption of the traffic.
Choose what to monitor
Below is a list of all server specific but vendor generic checkcommands provided by default. The list is exhaustive as of op5 Monitor version 7.1.0.