Sure, you can handle it. But should you?
Let our experts manage the tech maintenance while you focus on your business.
Let our experts manage the tech maintenance while you focus on your business.
Operations
Provision of app.telemetry Information on G7 Appliances via SNMPv3
Copyright ©
Mindbreeze GmbH, A-4020 Linz, 2024.
All rights reserved. All hardware and software names used are brand names and/or trademarks of their respective manufacturers.
These documents are strictly confidential. The submission and presentation of these documents does not confer any rights to our software, our services and service outcomes, or any other protected rights. The dissemination, publication, or reproduction hereof is prohibited.
For ease of readability, gender differentiation has been waived. Corresponding terms and definitions apply within the meaning and intent of the equal treatment principle for both sexes.
Introduction
App.telemetry status information via SNMPv3 is only available on G7 appliances.
For security reasons, SNMP v2c or v1 is only available locally on the appliance.
In addition, SNMPv3 is only allowed with defined users.
Firewall activation
The SNMP port is not enabled by default in the firewall.
The following lines have to be entered into /var/data/iptables.sh in lines 3 and 4 of the host:
iptables -t nat -A PREROUTING -m addrtype --dst-type LOCAL -s <trusted source> -p tcp -m tcp --dport 161 -j DOCKER
iptables -t nat -A PREROUTING -m addrtype --dst-type LOCAL -s <trusted source> -p udp -m udp --dport 161 -j DOCKER
Restart the appliance to apply the rules.
The firewall rules must be adjusted again after an update. In this case, the Update Service automatically creates a backup.
Creating SNMPv3 users
To create SNMPv3 users, the following commands must be executed within the inspire container:
systemctl stop snmpd
echo createUser <username> <hash_algo> "<auth_password>" <encryption_algo> "<encryption_pass>" >> /var/lib/net-snmp/snmpd.conf
echo "rouser <username>" >> /config/snmpd/snmpusers.conf
systemctl start snmpd
Parameters:
- username: User name
- hash_algo: MD5 or SHA
- auth_password: Password for authentication
- encryption_algo: DES or AES
- encryption_pass: Encryption password
Example:
systemctl stop snmpd
echo createUser v3user SHA "mindbreeze" AES mindbreeze >> /var/lib/net-snmp/snmpd.conf
echo "rouser v3user" >> /config/snmpd/snmpusers.conf
systemctl start snmpd
The changes are persistent even across updates.
Querying app.telemetry information
The app.telemetry information is available under the following OID:
iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) fabasoft(17100) apptelemetry(2)
Test
To test the setup, all SNMP values can be queried via snmpwalk:
snmpwalk -v3 -a SHA -A mindbreeze -x AES -X mindbreeze -u v3user -l authPriv inspireappliance.domain .1.3.6.1.4.1.17100.2
Attachment: MIBs
Fabasoft app.telemetry base MIB
--==========================================================================
-- Copyright (c) Fabasoft R&D GmbH, A-4020 Linz, 1988-2018.
--
-- The user of the computer program acknowledges that the above copyright notice
-- within the meaning as defined by the World Copyright Convention
-- shall remain affixed in the location in the computer program's operation as
-- determined by the author in order to sufficiently reflect
-- the claim of copyright. This copyright notice may not be removed, changed,
-- or relocated by the customer, user, and/or third parties.
--==========================================================================
FABASOFT-MAIN-MIB DEFINITIONS ::=
BEGIN
IMPORTS
MODULE-IDENTITY,
enterprises FROM SNMPv2-SMI;
fabasoft MODULE-IDENTITY
LAST-UPDATED "200706211000Z"
ORGANIZATION "Fabasoft R&D GmbH"
CONTACT-INFO
"Fabasoft R&D GmbH
Postal: Honauerstrasse 4
4020 Linz
AUSTRIA
Tel: +43 732 606162
Fax: +43 732 606162 609
E-mail: support@fabasoft.com"
DESCRIPTION
"The structure of management information for the Fabasoft enterprise."
::= { enterprises 17100 }
-- assigned by IANA (1.3.6.1.4.1.17100)
-- enterprise number 17100 (so whole number is 1.3.6.1.4.1.17100)
-- iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) fabasoft(17100)
components OBJECT IDENTIFIER ::= { fabasoft 1 }
server OBJECT IDENTIFIER ::= { components 1 }
END
Fabasoft app.telemery MIB
-- =========================================================================
-- Copyright (c) Fabasoft R&D GmbH, A-4020 Linz, 1988-2018.
--
-- All rights reserved. All hardware and software names used are
-- brand names and/or trademarks of their respective manufacturers.
--
-- The user of the computer program acknowledges that the above copyright notice
-- within the meaning as defined by the World Copyright Convention
-- shall remain affixed in the location in the computer program's operation as
-- determined by the author in order to sufficiently reflect
-- the claim of copyright. This copyright notice may not be removed, changed,
-- or relocated by the customer, user, and/or third parties.
-- =========================================================================
FABASOFT-APPTELEMETRY-MIB DEFINITIONS ::=
BEGIN
IMPORTS
fabasoft FROM FABASOFT-MAIN-MIB
OBJECT-TYPE, Integer32,
MODULE-IDENTITY FROM SNMPv2-SMI
TEXTUAL-CONVENTION, DisplayString FROM SNMPv2-TC;
apptelemetry MODULE-IDENTITY
LAST-UPDATED "201602011000Z"
ORGANIZATION "Fabasoft R&D GmbH"
CONTACT-INFO
"Fabasoft R&D GmbH
Postal: Honauerstrasse 4
4020 Linz
AUSTRIA
Tel: +43 732 606162
Fax: +43 732 606162 609
E-mail: support@fabasoft.com"
DESCRIPTION
"The structure of management information for the Fabasoft app.telemetry."
::= { fabasoft 2 }
-- iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) fabasoft(17100) apptelemetry(2)
-- <https://www.iana.org/assignments/enterprise-numbers/enterprise-numbers>
apmServer OBJECT IDENTIFIER ::= { apptelemetry 1 }
apmStatus OBJECT IDENTIFIER ::= { apmServer 1 }
apmStatusAgentTable OBJECT-TYPE
SYNTAX SEQUENCE OF ApmStatusAgentEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table contains status information for current app.telemetry agent connections."
::= { apmStatus 1 }
apmStatusAgentEntry OBJECT-TYPE
SYNTAX ApmStatusAgentEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A row describing a given agent."
INDEX { apmAgentId }
::= {apmStatusAgentTable 1 }
ApmStatusAgentEntry ::= SEQUENCE {
apmAgentId Integer32,
apmAgentName DisplayString,
apmAgentStatus ApmStatusAgentStatus
}
ApmStatusAgentStatus ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Represents an app.telemetry agent status."
SYNTAX INTEGER { ok(0), warning(1), critical(2), unknown(3) }
apmAgentId OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Id of the agent configuration object."
::= { apmStatusAgentEntry 1 }
apmAgentName OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..255))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Name of the agent object."
::= { apmStatusAgentEntry 2 }
apmAgentStatus OBJECT-TYPE
SYNTAX ApmStatusAgentStatus
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Current status of the agent connection."
::= { apmStatusAgentEntry 3 }
-- ServiceGroup
apmStatusServiceGroupTable OBJECT-TYPE
SYNTAX SEQUENCE OF ApmStatusServiceGroupEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table contains status information for current service group status."
::= { apmStatus 2 }
apmStatusServiceGroupEntry OBJECT-TYPE
SYNTAX ApmStatusServiceGroupEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A row describing a given agent."
INDEX { apmServiceGroupId }
::= {apmStatusServiceGroupTable 1 }
ApmStatusServiceGroupEntry ::= SEQUENCE {
apmServiceGroupId Integer32,
apmServiceGroupName DisplayString,
apmServiceGroupStatus ApmStatusServiceGroupStatus,
apmServiceGroupParentId Integer32
}
ApmStatusServiceGroupStatus ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Represents an app.telemetry agent status."
SYNTAX INTEGER { ok(0), warning(1), critical(2), unknown(3) }
apmServiceGroupId OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Id of the agent configuration object."
::= { apmStatusServiceGroupEntry 1 }
apmServiceGroupName OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..255))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Name of the agent object."
::= { apmStatusServiceGroupEntry 2 }
apmServiceGroupStatus OBJECT-TYPE
SYNTAX ApmStatusServiceGroupStatus
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Current status of the agent connection."
::= { apmStatusServiceGroupEntry 3 }
apmServiceGroupParentId OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Id of the parent service group."
::= { apmStatusServiceGroupEntry 4 }
-- Service
apmStatusServiceTable OBJECT-TYPE
SYNTAX SEQUENCE OF ApmStatusServiceEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table contains status information for current service status."
::= { apmStatus 3 }
apmStatusServiceEntry OBJECT-TYPE
SYNTAX ApmStatusServiceEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A row describing a given agent."
INDEX { apmServiceId }
::= {apmStatusServiceTable 1 }
ApmStatusServiceEntry ::= SEQUENCE {
apmServiceId Integer32,
apmServiceName DisplayString,
apmServiceStatus ApmStatusServiceStatus,
apmServiceParentId Integer32
}
ApmStatusServiceStatus ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Represents an app.telemetry agent status."
SYNTAX INTEGER { ok(0), warning(1), critical(2), unknown(3) }
apmServiceId OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Id of the agent configuration object."
::= { apmStatusServiceEntry 1 }
apmServiceName OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..255))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Name of the agent object."
::= { apmStatusServiceEntry 2 }
apmServiceStatus OBJECT-TYPE
SYNTAX ApmStatusServiceStatus
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Current status of the agent connection."
::= { apmStatusServiceEntry 3 }
apmServiceParentId OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Id of the parent service group."
::= { apmStatusServiceEntry 4 }
-- ServiceCheck
apmStatusServiceCheckTable OBJECT-TYPE
SYNTAX SEQUENCE OF ApmStatusServiceCheckEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table contains status information for current service check status."
::= { apmStatus 4 }
apmStatusServiceCheckEntry OBJECT-TYPE
SYNTAX ApmStatusServiceCheckEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A row describing a given agent."
INDEX { apmServiceCheckId }
::= {apmStatusServiceCheckTable 1 }
ApmStatusServiceCheckEntry ::= SEQUENCE {
apmServiceCheckId Integer32,
apmServiceCheckName DisplayString,
apmServiceCheckStatus ApmStatusServiceCheckStatus,
apmServiceCheckParentId Integer32
}
ApmStatusServiceCheckStatus ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Represents an app.telemetry service check status."
SYNTAX INTEGER { ok(0), warning(1), critical(2), unknown(3) }
apmServiceCheckId OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Id of the agent configuration object."
::= { apmStatusServiceCheckEntry 1 }
apmServiceCheckName OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..255))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Name of the agent object."
::= { apmStatusServiceCheckEntry 2 }
apmServiceCheckStatus OBJECT-TYPE
SYNTAX ApmStatusServiceCheckStatus
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Current status of the agent connection."
::= { apmStatusServiceCheckEntry 3 }
apmServiceCheckParentId OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Id of the parent service."
::= { apmStatusServiceCheckEntry 4 }
END